For buyers of bespoke software

You can't read the code. Now you don't have to trust blindly.

You commission software you cannot inspect, from a supplier whose incentives differ from yours. Watchdog gives you an independent, reproducible measurement: criteria your bidders commit to in the tender, verification that delivery met them, and ongoing oversight of the system you now depend on — all from a measurer with no stake in the result.

From €1,025 / mo · scales with lines scanned · pricing →

The buyer owns the subscription. Who pays for the thermometer decides whether the stamp means anything.

Sample card

  • auth by ruben-rasmussen · Exemplary
  • CAI: 98 / 100
  • 6298 ↑ +36
  • Code health: 98
  • Architecture: 99
  • Maturity: 99
  • Readiness: 96
  • Security: 100
  • Domain: 100
  • Rebuild cost: ~€380,000
  • Bus factor: 1 of 3 devs
  • Lines of code: 35,954

Replacement cost and key-person risk — the two figures procurement misses most — sit on the face of the card.

What you get, phase by phase

Measurement at every milestone.

The same reproducible Codebase Assurance Index, read the same way at every gate.

In the tender

Put measurable criteria in the RFP and compare every bidder on the same ruler — a supplier confident in their code will accept; hesitation is also information.

During delivery

Scheduled scans show the build converging on the agreed thresholds — a falling trend is a conversation in week 6, not a surprise at acceptance.

In hypercare

Daily security watch + regression flags on the system you now depend on — new CVEs, leaked secrets and score drops surface the day they appear, and a changelog on every scan shows exactly what changed since the last delivery.

After hypercare

Quarterly oversight keeps the asset honest for years — trend lines, a per-scan changelog, a CycloneDX SBOM and CWE-tagged findings your auditors and your next supplier can both read.

The risk that isn't in the code

What you inherit when the people leave.

A supplier can hand over clean code that only one person understands — and that person isn't joining you. Watchdog reads the supplier's git history into two figures a tender should name, both deterministic and both inside the CAI — exactly the liability a demo can't show you.

Off-boarding risk

Read from authorship: which delivered modules depend on one person, and whose exit would orphan the most significant code. A continuity liability quantified before you sign — not discovered when you try to change suppliers.

Knowledge freshness

The code everyone who understood has gone quiet on — orphaned logic you'd inherit unmaintained. Flagged as a negotiation point now, not a year-three surprise.

The asymmetry you're up against

Make measurement a requirement, then check it.

Today you take it on faith

  • "Clean, maintainable, well-tested" is in every proposal and provable in none
  • You discover the real state of the code when you try to change vendors — or can't
  • Quality problems surface as cost and risk years after sign-off

Make it a requirement, then check it

  • Tender annex — measurable criteria bidders commit to: a CAI ≥ 80 and per-lens minimums
  • Delivery verification — an independent verdict that the system met the bar
  • Maintenance oversight — continued scans so quality can't quietly erode
  • Reproducible — same rubric, same score, every scan; not an opinion
The contract language

The annex you put in the RFP.

This is illustrative, not legal advice. Work with your procurement team to adapt it to your jurisdiction and risk profile.

Tender annex · sample

Annex D — Code-quality requirements

  • The delivered system shall reach a Codebase Assurance Index (CAI) ≥ 80 at acceptance
  • Security & compliance lens ≥ 75 · zero critical CVEs at hand-over
  • Measured by an independent Watchdog scan under the Watchdog rubric, frozen at award
  • Scheduled scans continue through the maintenance term; the buyer owns the subscription

Note: The same profile identity (repo name + rubric version) carries straight from tender → contract → delivery verification — no re-negotiation of the bar. Every bidder prices against the same measurable threshold: a supplier confident in their code will accept; hesitation is also information.

How it works — for you

How it works in three steps.

1 · Put a tender annex in the RFP

The measurable criteria bidders commit to — the same identity (profile + rubric version) carries straight into the contract on award, with no re-negotiation of the bar.

2 · Verify the delivery

At hand-over, the delta verdict confirms the codebase meets the agreed CAI floor and per-lens minimums — pass, fail, or N/A with the reason stated.

3 · Keep oversight

Scheduled scans through the maintenance term show whether the system you depend on is holding its quality or drifting.

Regulatory oversight

Demonstrate ICT-supplier oversight for DORA & NIS2.

Financial and critical-sector organisations must show ongoing oversight of their ICT suppliers. Watchdog gives you a reproducible, dated record of supplier code quality over time.

The audit is the artifact

Scheduled scans create the compliance evidence: the contract appendix and tender annex are the paper trail. The measurement stands alone, independent of any party's claims.

The buyer owns the subscription

Never the supplier — so the subscription and the verdict stay with you, and the generated contract states this rule explicitly.

Independent — and you don't have to trust us

Structural independence, and an open method you can check.

An appraisal is only worth something because the appraiser is independent and paid the same either way — and because you can audit the work.

Never a delivering party

Watchdog builds nobody's software. We measure; we don't compete for the work we assess.

No success fees

We're paid to measure, never to clear the deal. The result we have no stake in is the one you can trust.

Identical rubric, whoever pays

The same dimensions, thresholds and scoring logic regardless of who holds the subscription — the report doesn't know which side of the deal paid for it.

Measured by an open standard — verify any number yourself

We don't score by a private formula. We measure by the CAI — an open, reproducible standard: the algorithm, the lenses and the rubric are public, and the reference scorer is open source. Take any survey, run the open scorer over its evidence, and you get the same number — or you've found a discrepancy. You never have to take the score on trust. The CAI standard → cai.canine.dev · Reproduce a survey →

  • EU data residency: processed only on hardware we own in Denmark — no cloud provider in the path.
  • No third-party AI: the language model is self-hosted; your code is never sent to OpenAI, Anthropic or Google.
  • Source never persisted: each scan clones, analyses, then deletes the working copy — and we never train on your code.
  • Read-only by doctrine: we measure and advise; we never commit, push, or edit your code.

Read the full security & data statement →

Stop trusting blindly. Measure instead.

Sign in with GitHub · No card · C#/.NET native.