“You may already have created something valuable. Our job is to tell you whether that value is safe to build on, what needs fixing, and how to get from prototype to a supportable business system.”
— The Scorchsoft team
An App Rescue Assessment answers a single commercial question: can this application be trusted, supported, improved, and safely relied upon by your business? We look past whether the screens work today and tell you whether the foundations underneath are sound enough for real users and real data.
A decision, not just a code review
You are not buying a critique of the code for its own sake. You are buying a decision — whether to support it, stabilise it, treat it as a prototype, or rebuild — backed by evidence. It protects you from investing blindly, and it means any work that follows starts from firm ground.
We review the codebase across the areas that decide whether it can carry a business, then rate each one so the picture is easy to read.
Structure, architecture & scalability
How the app is organised, whether concerns are separated, whether it uses sensible routing and a real frontend/backend boundary — and whether a developer can safely change one thing without breaking three others.
Security, data & compliance risk
Authentication, role-based access, secrets handling, and database access rules — with particular care where the system holds personal, financial, payroll or compliance data.
Testing, deployment & supportability
Regression risk, existing test coverage, hosting and deployment readiness, monitoring and backups — and, ultimately, whether Scorchsoft could responsibly support it.
Practical, not academic
You get a short, useful report you will actually read — not a sixty-page audit that sits in a drawer. It leads with the answers: can we support it, is it production-ready, what are the biggest risks, and what is the recommended next step.
Rated, prioritised and costed
Each area carries a simple red/amber/green rating. Critical risks are called out with recommendations, remediation is split into must-fix, should-fix and could-fix, and we give a finger-in-the-air sprint range with the assumptions behind it and a clear support recommendation.
What you walk away with
Three things that turn uncertainty into a decision you can act on.
A clear support verdict
One of four honest outcomes, so you know exactly where the app stands — and whether Scorchsoft would support it, and on what conditions.
A prioritised risk & remediation roadmap
The critical issues, ranked, with what to fix before real users or real data depend on the system — and what can safely wait.
A costed next step
A sprint range for the recommended work, so you can budget the path from prototype to a reliable, supportable product.
Every assessment lands the codebase in one of four categories. Each comes with a clear reason and a recommended route forward.
- Supportable now — sound enough to onboard with only minor fixes.
- Supportable after stabilisation — genuine value, but it needs refactoring, security or deployment work first.
- Prototype or reference only — a strong proof of concept whose product thinking should guide a cleaner build.
- Rebuild recommended — the honest call when building on it would cost more than starting fresh.
A natural next step, not a hard sell
Where the answer is “yes, with work”, the assessment maps straight into delivery: refactor and stabilisation sprints, regression testing, deployment preparation, hosting, monitoring and ongoing support — sequenced so the risky things get fixed first.
AI got you started — we make it safe to rely on
AI-assisted and inherited apps often contain real product value: workflows, interface direction and business logic that prove the concept matters. Our job is to preserve that and put professional engineering underneath it, so the business can depend on it.
How the assessment works
A simple, low-commitment path from “is this worth assessing?” to a plan you can act on.
Free initial skim
We take a quick look to confirm it is worth assessing — repo access, whether it runs, and whether the stack is one we support. A simple yes, no, or maybe.
The paid assessment
A structured review of the code, architecture, security, data handling, deployment readiness and key user journeys, ending in a practical findings report.
Findings call & next step
We walk you through the result, agree the biggest risks and what to fix first, and recommend the safest route forward — support, stabilisation, or rebuild.
Stacks and tools we assess
We review modern web, mobile and AI codebases — including apps built with AI and no-code tools. If your stack is not listed, ask; we are usually happy to take a look.
- React
- React Native
- Next.js
- Node.js
- Laravel
- .NET
- Django
- TypeScript
- Python
- PHP
- Expo
- Capacitor / PWA
- Supabase
- Firebase
- AWS
- Vercel / Netlify
- Docker
- Cursor
- Claude
- Bolt
- Lovable
- v0
- Replit
Frequently Asked Questions
What exactly is an App Rescue Assessment?
It is a fixed-fee code audit and codebase viability review of an existing application. It answers one commercial question — can this be safely supported, stabilised, used as a prototype, or should it be rebuilt — and delivers a practical findings report with a clear recommendation, risk summary and a sprint estimate for the next step.
How is this different from your App Project Rescue Service?
The assessment is the diagnostic first step; the App Project Rescue Service is the delivery that follows. The assessment de-risks the decision before you commit budget to a rescue, refactor or support arrangement — and its findings feed straight into that work if you choose to proceed.
What do I actually receive?
A short, practical findings report you will read cover to cover: an executive summary, a red/amber/green scorecard across code structure, architecture, security, data handling, testing, deployment and supportability, a prioritised list of critical risks, a remediation roadmap, a sprint range, and a clear support recommendation. It is followed by a findings call to walk you through it.
How much does it cost and how long does it take?
A Standard App Rescue Assessment is £3,000 + VAT. Smaller apps can be less (from around £1,500) and larger or more sensitive systems more (£5,000–£8,000+). Most assessments complete within a few working days once we have repo and demo access — it is scoped as planning, not a full project.
My app was built with AI or “vibe-coded” — can you still assess it?
Yes, and increasingly this is exactly what we see. AI tools like Cursor, Claude, Bolt and Lovable get people surprisingly far, and the product thinking is often genuinely good. The assessment separates that useful value from production readiness, and tells you what needs proper engineering before real users and data depend on it.
Will you just tell me to start from scratch?
No. There are four honest outcomes, and a rebuild is only recommended when building on the existing code would genuinely cost more than starting fresh. Our default is to preserve what works and avoid rebuilds wherever it is safe to do so.
Is this a penetration test or full QA?
No. It is a pragmatic security and risk review, not a full penetration test or exhaustive QA — both of which can be arranged separately if needed. The goal is to surface the major, business-critical risks so you can make a confident decision.
What access do you need to run it?
Ideally access to the repository, a way to run or view a demo or staging version, and any documentation that exists. We will also confirm that you own the code and IP. If documentation is thin, that is fine — filling those gaps is part of what the assessment identifies.
Do you handle the fixes afterwards, and will you support it?
Yes. Where the app is supportable, the assessment leads naturally into stabilisation sprints, regression testing, deployment preparation, hosting, monitoring and ongoing support. We will tell you the minimum conditions that need to be met before we take on support.
Can I use the report with another developer?
Yes — the report is yours, with no lock-in. Whether you continue with Scorchsoft or take the roadmap to your own team, you leave with a clear, honest picture of where the app stands and what to do next.