The deliverables catalog.
Assay's product is the artifacts about the code, not the act of scanning. Each report below is activated per engagement against a piece of signed CAI evidence — the evidence once, the reports for whoever needs them.
Six reports. One evidence spine.
Every report reads the same signed evidence — so the numbers agree with each other, and with what the other side saw.
Consequences report
What the findings mean for you, in plain language — value-at-risk, the risks to raise, and what to ask your team to do. Decide and delegate.
Due-diligence dossier
Data-room DD for acquirers, investors and insurers — rubric frozen at LOI, comparable to close, re-derivable by your own advisors.
Tender & delivery verification
Write "Supplier shall deliver a CAI ≥ 80" into the RFP, and verify it at delivery — pass, fail, or N/A with the reason stated.
Contract appendix & attestation
Bind agreed criteria into the deal, and hand over a signed, commit-pinned proof of delivery neither party can move.
Compliance & signing pack
The signed Conformance Pack — measured, gated conformance across ten frameworks, declared by a named person. We measure; you declare; we never certify.
Portfolio appraisal
The standing view across many repositories and suppliers — one rubric, trended, comparable, for a whole book of software assets.