Due diligence for the asset you can't read.
In most deals the software is the largest asset nobody appraises — millions of euros of value and risk, signed off on the strength of a demo and a founder's word. Watchdog is the independent surveyor for C#/.NET: one reproducible 0–100 Codebase Assurance Index for the data room, comparable from LOI to close, that you can put in front of an investment committee or an underwriter.
From €775 / mo · scales with lines scanned · pricing →
Sign in with GitHub · No card · C#/.NET native · The first full report on any repo is €0.
The two figures diligence misses most — replacement cost and key-person risk — sit on the face of the card.
The portfolio, appraised for the data room.
The system you're acquiring
Live from published reports: the C4 architecture map of the asset, the conformance posture, the findings that locate risk, and the security/supply-chain artifacts — the same surfaces your technical committee reads.
Loading real published surveys…
Real published surveys, selected for this audience — each widget shows only when the repo has that signal. Browse every published survey →
An appraisal for the line item nobody can value.
The same survey, read three ways — by the committee pricing the asset, the lender taking it as collateral, and the insurer underwriting the risk.
An independent CAI both sides can cite — not the seller's slide deck. Quantifies the engineering risk you're buying before the number is on the term sheet — and, for bounded-context systems, draws the target's architecture as a C4 map with the rot in red.
A reproducible score a lender or investor can actually price — and re-check on a schedule for the life of the facility, not just at signing.
Freeze the rubric at the letter of intent and the number at close means exactly what the number at LOI meant. No moving goalposts.
The liability that isn't in the code.
Diligence misses it because it isn't in any file: which modules depend on one departing founder, and which core logic everyone who understood has gone quiet on. Watchdog reads both from the target's git history — into the same reproducible CAI you compare from LOI to close. A continuity liability you'd otherwise inherit unpriced, surfaced before the term sheet.
Which parts of the asset live in one person's head — by time-decayed authorship — and whose departure would orphan the most significant code. Underwritable, and comparable gate to gate.
Modules whose authors have all gone quiet: code you'd inherit that nobody actively maintains. Surfaced at LOI — not discovered the quarter after close.
The same yardstick from intent to close.
Survey the target at each gate against a rubric pinned at the letter of intent. Because the measurement is deterministic, a re-survey on the same commit lands on the same number — so any movement you see is the asset changing, never the ruler. A changelog at each gate spells out exactly what changed between LOI and close: new CVEs, findings closed, components rebuilt, API endpoints added or removed.
The appraisal a counterparty can't tilt.
An appraisal is only worth something because the appraiser is independent and paid the same either way. Watchdog builds nobody's software and charges no success fee — the one stance neither the seller nor their advisors can take about the asset they're selling.
Same commit, same frozen rubric → byte-identical score — and the method is the CAI, an open, reproducible standard, not our private black box. Your diligence engineer re-runs the open scorer over the evidence and gets the same number; the appraisal stands up to a committee because it's checkable, not because we said so. The CAI standard → cai.canine.dev · Reproduce the appraisal →
We're paid to measure, never to clear the deal or to make the number go up. The result we have no interest in is the one you can underwrite.
The compliance liabilities you'd otherwise inherit.
Watchdog measures the automatable slice of ten frameworks (WCAG, NIS2, DORA, SSDF, SLSA, OWASP ASVS and more) and gates it — so a control caught failing in the target can't be quietly passed before you own it. Every survey also issues a CycloneDX SBOM and tags security findings with their MITRE CWE id — the supply-chain and weakness liabilities you'd inherit, surfaced early. We measure; the target declares the rest; we never certify.
From letter of intent to a number you can underwrite.
Pin the rubric version at the letter of intent so every reading from LOI to close is directly comparable — no moving goalposts.
A baseline at LOI, a re-survey through diligence, a number at close — the same commit re-scores the same, so any movement is the asset changing, never the ruler.
Hand the signed Due-Diligence Pack to the committee and the scorecards to your diligence engineer, who re-runs the open scorer to confirm the number.
- EU data residency Processed only on hardware we own in Denmark — no cloud provider in the path.
- No third-party AI The language model is self-hosted; your code is never sent to OpenAI, Anthropic or Google.
- Source never persisted Each scan clones, analyses, then deletes the working copy — and we never train on your code.
- Read-only by doctrine We measure and advise; we never commit, push, or edit your code.
Price the software like the seven-figure asset it is. Appraise it.
Sign in with GitHub · no card · C#/.NET native.