You can't read the code. Now you don't have to trust blindly.
You commission software you cannot inspect, from a supplier whose incentives differ from yours. Watchdog gives you an independent, reproducible measurement: criteria your bidders commit to in the tender, verification that delivery met them, and ongoing oversight of the system you now depend on — all from a measurer with no stake in the result.
From €1,025 / mo · scales with lines scanned · pricing →
The buyer owns the subscription. Who pays for the thermometer decides whether the stamp means anything.
Replacement cost and key-person risk — the two figures procurement misses most — sit on the face of the card.
What to check before you commit
Live from published reports: the conformance posture, the findings a scanner can't produce — architecture, domain-model and event issues located to file:line — the plain-language conclusions, and the security/supply-chain artifacts you'd receive. The same surfaces you'd read in the full survey.
Measurement at every milestone.
The same reproducible Codebase Assurance Index, read the same way at every gate.
Put measurable criteria in the RFP and compare every bidder on the same ruler — a supplier confident in their code will accept; hesitation is also information.
Scheduled scans show the build converging on the agreed thresholds — a falling trend is a conversation in week 6, not a surprise at acceptance.
Daily security watch + regression flags on the system you now depend on — new CVEs, leaked secrets and score drops surface the day they appear, and a changelog on every scan shows exactly what changed since the last delivery.
Quarterly oversight keeps the asset honest for years — trend lines, a per-scan changelog, a CycloneDX SBOM and CWE-tagged findings your auditors and your next supplier can both read.
What you inherit when the people leave.
A supplier can hand over clean code that only one person understands — and that person isn't joining you. Watchdog reads the supplier's git history into two figures a tender should name, both deterministic and both inside the CAI — exactly the liability a demo can't show you.
Read from authorship: which delivered modules depend on one person, and whose exit would orphan the most significant code. A continuity liability quantified before you sign — not discovered when you try to change suppliers.
The code everyone who understood has gone quiet on — orphaned logic you'd inherit unmaintained. Flagged as a negotiation point now, not a year-three surprise.
Make measurement a requirement, then check it.
- "Clean, maintainable, well-tested" is in every proposal and provable in none
- You discover the real state of the code when you try to change vendors — or can't
- Quality problems surface as cost and risk years after sign-off
- Tender annex — measurable criteria bidders commit to: a CAI ≥ 80 and per-lens minimums
- Delivery verification — an independent verdict the system met the bar
- Maintenance oversight — continued scans so quality can't quietly erode
- Reproducible — same rubric, same score, every scan; not an opinion
The annex you put in the RFP.
This is illustrative, not legal advice. Work with your procurement team to adapt it to your jurisdiction and risk profile.
Annex D — Code-quality requirements
- The delivered system shall reach a Codebase Assurance Index (CAI) ≥ 80 at acceptance
- Security & compliance lens ≥ 75 · zero critical CVEs at hand-over
- Measured by an independent Watchdog scan under the Watchdog rubric, frozen at award
- Scheduled scans continue through the maintenance term; the buyer owns the subscription
Note: The same profile identity (repo name + rubric version) carries straight from tender → contract → delivery verification — no re-negotiation of the bar. Every bidder prices against the same measurable threshold: a supplier confident in their code will accept; hesitation is also information.
How it works in three steps.
The measurable criteria bidders commit to — the same identity (profile + rubric version) carries straight into the contract on award, with no re-negotiation of the bar.
At hand-over, the delta verdict confirms the codebase meets the agreed CAI floor and per-lens minimums — pass, fail, or N/A with the reason stated.
Scheduled scans through the maintenance term show whether the system you depend on is holding its quality or drifting.
Demonstrate ICT-supplier oversight for DORA & NIS2.
Financial and critical-sector organisations must show ongoing oversight of their ICT suppliers. Watchdog gives you a reproducible, dated record of supplier code quality over time.
Scheduled scans create the compliance evidence: the contract appendix and tender annex are the paper trail. The measurement stands alone, independent of any party's claims.
The buyer, never the supplier, holds the subscription — so the subscription and the verdict stay with you, and the generated contract states this rule explicitly.
Structural independence, and an open method you can check.
An appraisal is only worth something because the appraiser is independent and paid the same either way — and because you can audit the work.
Watchdog builds nobody's software. We measure; we don't compete for the work we assess.
We're paid to measure, never to clear the deal. The result we have no stake in is the one you can trust.
The same dimensions, thresholds and scoring logic regardless of who holds the subscription — the report doesn't know which side of the deal paid for it.
We don't score by a private formula. We measure by the CAI — an open, reproducible standard: the algorithm, the lenses and the rubric are public, and the reference scorer is open source. Take any survey, run the open scorer over its evidence, and you get the same number — or you've found a discrepancy. You never have to take the score on trust. The CAI standard → cai.canine.dev · Reproduce a survey →
- EU data residency: processed only on hardware we own in Denmark — no cloud provider in the path.
- No third-party AI: the language model is self-hosted; your code is never sent to OpenAI, Anthropic or Google.
- Source never persisted: each scan clones, analyses, then deletes the working copy — and we never train on your code.
- Read-only by doctrine: we measure and advise; we never commit, push, or edit your code.
Stop trusting blindly. Measure instead.
Sign in with GitHub · No card · C#/.NET native.