In software, you are buying a chain of title, not a factory.
A single missing assignment agreement or toxic dependency taints the entire technology stack.
Code is often written by contractors or early employees before formal contracts existed. If a core module author never signed an assignment, the seller does not own the asset.
Associates spot-check random employment files. They cannot physically cross-reference every developer name against the legal folder.
Colabra's gap analysis maps the "IP assignment" task against the data room index. We instantly flag if the folder is empty or if specific key employee agreements are missing from the record. We don't read the code; we verify the legal chain of title.
Modern SaaS is built on thousands of open-source packages. A single GPL-licensed dependency in a proprietary codebase creates a legal time bomb, forcing you to open-source your IP.
Lawyers review the "open source disclosure" schedule provided by the seller. They rarely look at the actual codebase or lock files.
Colabra's dependency scanner parses package.json, yarn.lock, and SBOM files directly. We screen every library for licence compliance and known vulnerabilities. You get a structured risk profile of the software supply chain, validating the code reality against the legal disclosure.
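The check described above, comparing what actually ships against what the seller disclosed, can be illustrated with an added example (not Colabra's code). It assumes a CycloneDX-style JSON SBOM; the package names, the disclosure schedule and the copyleft policy list are constructed for illustration, and the policy goes beyond GPL to other copyleft SPDX families.

```javascript
// Constructed CycloneDX-style SBOM (sample data; package names are made up).
const SBOM_JSON = `{
  "bomFormat": "CycloneDX",
  "components": [
    {"name": "example-utils",  "version": "1.2.0", "licenses": [{"license": {"id": "MIT"}}]},
    {"name": "example-pdf",    "version": "4.0.1", "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"name": "example-charts", "version": "2.3.0", "licenses": [{"expression": "(MIT OR GPL-2.0-or-later)"}]},
    {"name": "example-shim",   "version": "0.0.9"}
  ]
}`;
// Constructed seller disclosure schedule: package name -> declared licence.
const DISCLOSED = new Map([["example-utils", "MIT"], ["example-charts", "MIT"]]);
// Assumed review policy: SPDX id families treated as copyleft.
const COPYLEFT = /^(AGPL|GPL|LGPL|MPL|EPL|SSPL)-/i;

// Collect SPDX ids from a component's `license.id`/`license.name` or `expression` entries.
function licenceIds(component) {
  const ids = [];
  for (const entry of component.licenses || []) {
    if (entry.expression) {
      ids.push(...entry.expression.split(/\s+(?:AND|OR|WITH)\s+|[()]/i));
    } else if (entry.license) {
      ids.push(entry.license.id || entry.license.name || "");
    }
  }
  return ids.map((s) => s.trim()).filter(Boolean);
}

// Compare what the SBOM says ships against what the seller disclosed.
function screen(sbomJson, disclosed) {
  const findings = [];
  for (const c of JSON.parse(sbomJson).components || []) {
    const ids = licenceIds(c);
    const declared = disclosed.get(c.name); // undefined: seller never listed it
    const hidden = ids.filter((id) => COPYLEFT.test(id) && id !== declared);
    let issue = null;
    if (ids.length === 0) issue = "no-licence-data";
    else if (hidden.length) issue = declared ? "copyleft-not-in-disclosure" : "undisclosed-copyleft";
    else if (!declared) issue = "undisclosed-package";
    else if (!ids.includes(declared)) issue = "licence-mismatch";
    if (issue) findings.push({ name: c.name, version: c.version, issue, licences: ids });
  }
  return findings;
}

console.log(screen(SBOM_JSON, DISCLOSED));
```

A component with no licence data is reported rather than passed, since an empty field in an SBOM is a gap in the record, not evidence of a permissive licence.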
Sellers often bury unfavourable terms (uncapped liability, broad indemnities, or non-standard termination rights) in customer contracts, which inflates the perceived quality of ARR.
Reviewing 500 MSAs is impossible. You sample 10% and hope for the best.
Colabra's AI extraction pulls the critical commercial terms—termination for convenience, liability caps, and governing law—from every customer contract. You get a structured grid of commercial risk, allowing you to spot the outliers that threaten the valuation.
Enterprise customers require SOC 2 Type II or ISO 27001. A gap in compliance blocks upstream revenue and creates data breach liability.
The typical review is a glance at the cover page of the SOC 2 report to see the auditor's stamp.
Colabra's compliance extraction pulls control findings, remediation items, and audit opinions directly from SOC 2, HIPAA, and PCI-DSS reports. We highlight the gaps between the certification scope and the actual implementation, ensuring you aren't buying a breach waiting to happen.
Case study: ZeniMax v. Oculus (Facebook)
Facebook acquired Oculus for $2B, but ZeniMax sued, claiming key tech was developed by a former employee. The jury awarded ZeniMax $500 million.
Our gap analysis would have highlighted the missing PIIA (Proprietary Information and Invention Assignment) documents for key technical staff, forcing the seller to cure the defect pre-close.