Roo Code

High risk

High risk. Significant audit integrity concerns detected. Recommend obtaining an independent compliance assessment before vendor engagement.

Grade: D

Dimensions

Scored across governance, coverage, security, and transparency.

Flagged signals

42% of all recorded signals are negative.

Observation period

June 10, 2025 - September 10, 2025

2 audit reports referenced.

Trust score

Grade D • High risk

34%

Primary concern

Audit database match

Strongest signal

Web presence

Signal composition

Flags

Neutral

Positive

Analysis

Weighted score breakdown

Contribution shows approximate points each dimension adds to the overall score.

Analysis

Audit Integrity

Impact:HighWeight 35%

1 / 100

0.4 pts contribution

Compliance Coverage

Impact:MediumWeight 25%

35 / 100

8.8 pts contribution

Infrastructure & Security

Impact:MediumWeight 20%

75 / 100

15 pts contribution

Transparency & Governance

Impact:MediumWeight 20%

50 / 100

10 pts contribution

Signal distribution by dimension

Shows where risk evidence is concentrated across the audit dimensions.

Audit Integrity

4 signals

Flags 4

Neutral 0

Positive 0

Compliance Coverage

2 signals

Flags 0

Neutral 2

Positive 0

Infrastructure & Security

3 signals

Flags 0

Neutral 1

Positive 2

Transparency & Governance

3 signals

Flags 1

Neutral 1

Positive 1

Highlights

Top risks

Audit database match

Company found in leaked database of template-based audit reports

Audit Integrity

Multiple flagged reports

2 separate reports found, suggesting repeated engagement with flagged auditor

Audit Integrity

Type 2 report flagged

Type 2 reports require observation period testing - template usage is more concerning here

Audit Integrity

Positive indicators

Web presence

Company maintains a public website

Infrastructure & Security

Transport encryption

Website configured with HTTPS

Infrastructure & Security

Legal entity identified

Registered as "Roo Code, Inc."

Transparency & Governance

Details

Company details

Website: roocode.com
Legal name: Roo Code, Inc.
Observation period: June 10, 2025 - September 10, 2025
Report types: SOC 2 Type 2
Infrastructure: Vercel

Assessment notes

Public footprint

Public website and branded presence are available for validation.

Coverage view

4 scored dimensions with 12 supporting signals were analyzed.

Analyst takeaway

High risk. Significant audit integrity concerns detected. Recommend obtaining an independent compliance assessment before vendor engagement.

Evidence

Dimension evidence

Detailed evidence behind each dimension score and its underlying signals.

Audit Integrity

Impact: HighScore: CriticalWeight: 35% • Signals: 4

1 / 100

Signals (4)

Flag
Audit database match
Company found in leaked database of template-based audit reports
Flag
Multiple flagged reports
2 separate reports found, suggesting repeated engagement with flagged auditor
Flag
Type 2 report flagged
Type 2 reports require observation period testing - template usage is more concerning here
Flag
Auditor credibility
Audit performed by firm flagged for systematic template reuse

Compliance Coverage

Impact: MediumScore: HighWeight: 25% • Signals: 2

35 / 100

Signals (2)

Info
Single framework
SOC 2 report found, from a flagged source
Info
Report recency
Reports dated within Jan-Dec 2025 observation window

Infrastructure & Security

Impact: MediumScore: MediumWeight: 20% • Signals: 3

75 / 100

Signals (3)

Good
Web presence
Company maintains a public website
Good
Transport encryption
Website configured with HTTPS
Info
Cloud infrastructure
Hosted on Vercel

Transparency & Governance

Impact: MediumScore: HighWeight: 20% • Signals: 3

50 / 100

Signals (3)

Good
Legal entity identified
Registered as "Roo Code, Inc."
Info
Service description available
System description found in audit reports
Flag
Exception reporting
Zero exceptions reported across all audit periods - statistically improbable, suggests inadequate testing

Explore