An independent codebase-assurance survey — not a CI scanner · issued by Watchdog

Get the software surveyed before you trust it with the business.

You'd never buy a house on the seller's word — you'd commission your own survey. Watchdog is the independent surveyor for C#/.NET: one reproducible 0–100 Codebase Assurance Index, in a report both sides of a deal can trust. A measurement, not an opinion.

Point us at your repo — nothing to install, no CI step, no SDK, no lock-in. Read-only clone, public or private — your first survey is ready in minutes.

Sign in with GitHub · No card · C#/.NET · The first full report on any repo is €0 — depth is never gated.

auth by ruben-rasmussen · Exemplary
CAI 98 / 100
6298↑ +36
Code health 98
Architecture 99
Maturity 99
Readiness 96
Security 100
Domain 100
Rebuild cost ~€380,000
Bus factor 1 of 3 devs
Lines of code 35,954

Signed, and pinned to a commit + frozen rubric — the same inputs always reproduce this score.

  • Not a CI scanner or linter: Never scores a line or blocks a merge.
  • Not a SAST / dataflow engine: Reads their signal; doesn't out-depth one.
  • Not a coding agent: Never edits, commits, pushes or opens a PR.
  • Not a certifier: Records the evidence; a named human signs.
  • An independent surveyor: One altitude above your scanners.
  • One reproducible CAI: Signed, commit-pinned — re-runs to the same number.
  • A read-only oracle: Serves every finding to your agent over MCP.
  • A whole-system survey: Architecture, maturity, compliance & risk in one report.

100% reproducible · €0 first report

How we measure

Graded by the open CAI standard — across ten lenses.

Five are always on; five light up with your architecture. We don't just score them — we locate every finding to file:line, trend each lens scan over scan, and hand you what to fix. The standard is open: each lens links to its exact dimensions on cai.canine.dev.

Always on

Light up with your architecture

The full vocabulary — every dimension, its evaluator and rubric version — lives on the open standard. Browse the catalog →

What you get

The CAI plus the deductions — what's wrong, what it means for you, what to do.

A survey isn't a dashboard you log into. It's the number and the reading — tailored to your role and handed over as artifacts a deal can stand on.

A reproducible report

The CAI and every finding in a content-addressed PDF + JSON, pinned to a commit and a frozen rubric hash — re-runnable by either side.

A contract appendix or tender annex

Bind agreed criteria — "CAI ≥ 80, no critical CVEs" — into the deal, and verify them at delivery as a signed attestation. For providers →

An agent-ready fix list, over MCP

Every finding is a briefed task — the rule that fired, the file and line, and the score-impact — served to your coding agent over Watchdog's Model Context Protocol server, ranked by impact ÷ effort. Your agent opens the PR in your own repo; the next survey proves the number moved.

A standing inspection

Weekly full surveys plus a daily security watch, on a calendar — your portfolio trended, not a one-off snapshot. Your code rots even when nobody commits; the quiet months are watched, not skipped. For teams →

A changelog every survey

What moved since last time — CAI & per-lens deltas, the findings resolved vs raised, the features & fixes that landed, and any added or removed API endpoints. A sprint-ready record, derived facts only (never your source).

Living documentation

A C4 architecture map, a CycloneDX SBOM + licence inventory, and ADR-conformance — derived from the code on every survey, current by construction. The hand-over, audit and onboarding doc, never maintained by hand.

Independent — and you don't have to trust us

Commissioned by one side. Trusted by both — because the method is open.

A survey is only worth something because the surveyor is independent and paid the same either way, and because you can check the work. Watchdog is structurally neutral — and the way we measure isn't ours to keep.

Structurally neutral

The same versioned rubric scores you whoever pays; pin it frozen for a contract. Watchdog builds nobody's software and never touches yours — and there are no success fees. We're paid to measure, never to make the number go up.

Measured by an open standard

We don't score by a private formula. We measure by the CAI — an open, reproducible standard: the algorithm, the lenses and the rubric are public, and the reference scorer is open source. The CAI standard → cai.canine.dev

Verify any number yourself

We publish the evidence behind a score. Take a survey, run the open scorer over its evidence, and you get the same number — or you've found a discrepancy. Reproduce a survey →

The public record

Real reports, fully open — not a logo wall.

Every tile is a real repository whose owner chose to publish, with its entire survey open to read — every lens, every finding, and the exact rule each was scored by. No cherry-picked mock-ups. Audit how each number was reached; then run the same measurement on your own code.

  • EU data residency: Processed only on hardware we own in Denmark — no cloud provider in the path.
  • No third-party AI: The language model is self-hosted; your code is never sent to OpenAI, Anthropic or Google.
  • Source never persisted: Each scan clones, analyses, then deletes the working copy — and we never train on your code.
  • Read-only by doctrine: We measure and advise; we never commit, push, or edit your code.

Read the full security & data statement →

How we operate

Read-only by doctrine. Your code never leaves your control.

Evidence you declare — certificates we don't sell

Compliance evidence with a gate you can't quietly pass.

A catalog of ten frameworks (WCAG, NIS2, DORA, SSDF, SLSA, OWASP ASVS and more). We measure the automatable slice and gate it: a control we caught failing can't be silently passed — overriding it is recorded, in full, in the artifact. You declare the rest, and a named person signs. We measure; you declare; we never certify.

Enterprise & regulated environments

Run the whole survey inside your own network.

For regulated and security-sensitive teams, Watchdog deploys self-hosted: your code never leaves your perimeter, the language model runs on your hardware, and the SOC 2 / data-residency question goes away. EU data residency, no third-party AI, source never persisted — on infrastructure you control.

Software is the only seven-figure asset you run without an appraisal. Get one.

Sign in with GitHub · no card · C#/.NET native.