Skip to content
For acquirers, investors & insurers

Due diligence for the asset you can't read.

In most deals the software is the largest asset nobody appraises — millions of euros of value and risk, signed off on the strength of a demo and a founder's word. Watchdog is the independent surveyor for C#/.NET: one reproducible 0–100 Codebase Assurance Index for the data room, comparable from LOI to close, that you can put in front of an investment committee or an underwriter.

From €775 / mo · scales with lines scanned · pricing →

Sign in with GitHub · No card · C#/.NET native · The first full report on any repo is €0.

sample target
target / core-platform Strong
CAI76 / 100
7176↑ +5
Code health 80
Architecture 72
Maturity 70
Readiness 78
Security 81
Rebuild cost€3.4M–5.1M
Bus factor2 of 11 devs
Lines of code612,000

The two figures diligence misses most — replacement cost and key-person risk — sit on the face of the card.

What you read

The portfolio, appraised for the data room.

What the index gives the deal

An appraisal for the line item nobody can value.

The same survey, read three ways — by the committee pricing the asset, the lender taking it as collateral, and the insurer underwriting the risk.

A data-room appraisal

An independent CAI both sides can cite — not the seller's slide deck. Quantifies the engineering risk you're buying before the number is on the term sheet — and, for bounded-context systems, draws the target's architecture as a C4 map with the rot in red.

Software as collateral

A reproducible score a lender or investor can actually price — and re-check on a schedule for the life of the facility, not just at signing.

Comparable at every gate

Freeze the rubric at the letter of intent and the number at close means exactly what the number at LOI meant. No moving goalposts.

Continuity risk, quantified

The liability that isn't in the code.

Diligence misses it because it isn't in any file: which modules depend on one departing founder, and which core logic everyone who understood has gone quiet on. Watchdog reads both from the target's git history — into the same reproducible CAI you compare from LOI to close. A continuity liability you'd otherwise inherit unpriced, surfaced before the term sheet.

Off-boarding risk

Which parts of the asset live in one person's head — by time-decayed authorship — and whose departure would orphan the most significant code. Underwritable, and comparable gate to gate.

Knowledge freshness

Modules whose authors have all gone quiet: code you'd inherit that nobody actively maintains. Surfaced at LOI — not discovered the quarter after close.

One rubric, frozen at LOI

The same yardstick from intent to close.

Survey the target at each gate against a rubric pinned at the letter of intent. Because the measurement is deterministic, a re-survey on the same commit lands on the same number — so any movement you see is the asset changing, never the ruler. A changelog at each gate spells out exactly what changed between LOI and close: new CVEs, findings closed, components rebuilt, API endpoints added or removed.

one rubric — frozen at LOI, so every reading is comparable CAI 71 LOI letter of intent CAI 71 Due diligence data room CAI 76 Close completion
Survey the target at every gate against one rubric frozen at the letter of intent — so the number you underwrite at LOI and the number at close are directly comparable.
Why a third party, not the seller

The appraisal a counterparty can't tilt.

An appraisal is only worth something because the appraiser is independent and paid the same either way. Watchdog builds nobody's software and charges no success fee — the one stance neither the seller nor their advisors can take about the asset they're selling.

Reproducible against an open standard

Same commit, same frozen rubric → byte-identical score — and the method is the CAI, an open, reproducible standard, not our private black box. Your diligence engineer re-runs the open scorer over the evidence and gets the same number; the appraisal stands up to a committee because it's checkable, not because we said so. The CAI standard → cai.canine.dev · Reproduce the appraisal →

No stake in the outcome

We're paid to measure, never to clear the deal or to make the number go up. The result we have no interest in is the one you can underwrite.

Regulatory exposure, surfaced early

The compliance liabilities you'd otherwise inherit.

Watchdog measures the automatable slice of ten frameworks (WCAG, NIS2, DORA, SSDF, SLSA, OWASP ASVS and more) and gates it — so a control caught failing in the target can't be quietly passed before you own it. Every survey also issues a CycloneDX SBOM and tags security findings with their MITRE CWE id — the supply-chain and weakness liabilities you'd inherit, surfaced early. We measure; the target declares the rest; we never certify.

How it works — for you

From letter of intent to a number you can underwrite.

1 · Freeze the rubric at the LOI

Pin the rubric version at the letter of intent so every reading from LOI to close is directly comparable — no moving goalposts.

2 · Survey at each gate

A baseline at LOI, a re-survey through diligence, a number at close — the same commit re-scores the same, so any movement is the asset changing, never the ruler.

3 · Underwrite it

Hand the signed Due-Diligence Pack to the committee and the scorecards to your diligence engineer, who re-runs the open scorer to confirm the number.

  • EU data residency Processed only on hardware we own in Denmark — no cloud provider in the path.
  • No third-party AI The language model is self-hosted; your code is never sent to OpenAI, Anthropic or Google.
  • Source never persisted Each scan clones, analyses, then deletes the working copy — and we never train on your code.
  • Read-only by doctrine We measure and advise; we never commit, push, or edit your code.

Read the full security & data statement →

Price the software like the seven-figure asset it is. Appraise it.

Sign in with GitHub · no card · C#/.NET native.