Where Watchdog fits

The surveyor sits above your scanners — not beside them.

Watchdog isn't another line-level scanner competing for the same slot. It's an independent survey one altitude up: it reads your whole product and issues a single, reproducible Codebase Assurance Index (CAI) your engineers, your agents, and your auditor can act on. Keep every tool you already run — Watchdog answers the question none of them do.

C#/.NET · a measurement, not an opinion.

  • Not a CI scanner or linter: Never scores a line or blocks a merge.
  • Not a SAST / dataflow engine: Reads their signal; doesn't out-depth one.
  • Not a coding agent: Never edits, commits, pushes or opens a PR.
  • Not a certifier: Records the evidence; a named human signs.
  • An independent surveyor: One altitude above your scanners.
  • One reproducible CAI: Signed, commit-pinned — re-runs to the same number.
  • A read-only oracle: Serves every finding to your agent over MCP.
  • A whole-system survey: Architecture, maturity, compliance & risk in one report.
Altitude decides the job

Specialists hold the line. The surveyor judges the system.

A grid placing each tool by primary job (columns) and altitude (rows). Point tools sit low in one column each; Watchdog spans the upper rows across every column; SIG shares the top cell.

The tools you already run are specialists — each owns one column of concern, down at the line or the file, and that's exactly what they should do. Climb to the module, the system, the whole portfolio and the job changes: it becomes synthesis. Is the architecture sound? Is it maturing? Can you prove it's compliant? That's the altitude Watchdog was built for.

Read it as altitude and job, not a ranking — not a scoreboard.

Because it spans that whole height, one measurement is read at every altitude: a board sees a single CAI, an architect sees the failing lens, an engineer — or their coding agent — gets the exact file, line and fix. The scanners each stop at one floor; the survey is the shaft that connects them.

It earns the upper floors by synthesis — architecture, maturity and compliance folded into one reproducible number. And it's honest about the bottom one: at the line and the pull request it defers to the specialists. It reads their output and places it in the system picture; it never replaces a deep SAST engine or your live IDE lint.

An altitude elevator: tools sit on fixed floors while Watchdog runs as a vertical shaft from one score at the top to an exact finding and agent task at the bottom.
Why it earns that altitude

Four things — the first is the one no scanner can claim.

Deterministic

Same code in, same CAI out under the same rubric and advisory data — re-run the survey and the number holds. That's what makes a trend real, a contract floor you can set and verify at each scheduled scan, and a compliance number an auditor can rely on.

Architecture- & intent-aware

Conditional lenses for DDD, event-driven and event-sourced designs, ADR conformance, and a maturity ladder. Watchdog surveys what the code is trying to be — not just what it literally says.

One survey across the product

Every repo you ship together — down to the services inside a monorepo — rolls up into one CAI, with each repo's compliance declaration bundled in. Not a pile of disconnected per-repo reports.

Independent & read-only

Watchdog never edits your code and never certifies you — it assembles the evidence; a human signs. The measurer never sits at the table.

Scope

Same repos. Two scopes of view.

A scanner reviews one repo, or one pull request. Watchdog reviews the product — every repo you ship as a unit, decomposing a monorepo into a CAI per deployable service: each service scored by the same lenses as the whole product, then rolled up into one whole-product survey, with each repo's compliance declaration bundled in.

Two panels over the same repos. Left, a scanner's view: one repo in focus, the rest dimmed. Right, Watchdog's view: all repos inside one product boundary under a single survey.

Every other tool here is scoped to a repo or a diff. Watchdog is scoped to the thing you actually ship.

The one true peer

SIG & Watchdog — the same kind of verdict.

The Software Improvement Group pioneered the independent, board-grade software survey — a benchmarked model delivered through a consulting engagement, and it's excellent. Watchdog issues the same kind of independent verdict by a different mechanism: a deterministic, reproducible rubric you run yourself — continuously, the same day you ask, from a single team to a whole portfolio. Same altitude; self-serve where SIG is high-touch.

Two routes to the same independent verdict. SIG's benchmarked consulting engagement, or Watchdog's deterministic, self-serve rubric — reproducible, continuous, and equally at home with a startup or a large organization. It's the same job; we just made it something you can run on demand.
What you'd otherwise reach for

The real alternatives — and why the survey beats each.

When a team or a buyer skips Watchdog, it isn't for another scanner — it's for one of these. So this is what the survey is actually measured against.

The DIY stack

SonarQube + a tech lead's judgement + a spreadsheet. It works — until the tech lead leaves or the spreadsheet is the only place the verdict lives. Watchdog is that exact stack, made reproducible, independent and signable — the rubric outlives the person.

A commissioned manual review

A consultancy reads the code for a fortnight and writes a verdict. Watchdog issues the same kind of verdict deterministically, the day you ask — and re-issues it every scan instead of once, so the trend is real.

Technical due-diligence

The M&A equivalent: excellent, billed per engagement, frozen the day they stop reading. Watchdog gives a CAI comparable from LOI to close, re-derivable by your own advisors from the code itself.

Keep your stack

Your scanners are instruments. Watchdog is the survey.

A surveyor doesn't compete with the moisture meter — it reads the instruments and writes the report a buyer can act on. Your scanners live one altitude below the survey and feed it: Watchdog reads the same signals, adds architecture, domain-intent and git-history dimensions of its own, and rolls them into one reproducible CAI. Keep every one of them — none is a competitor, and none is a peer. The only thing that does Watchdog's job is another independent assurance body, like SIG above.

They hold the line. Watchdog judges the system — the only thing on this page doing that job.

If you need… | Reach for… | Watchdog's role
Block a bad line before it merges | SonarQube / Coverity (IDE & CI) | reads their signal, scores it into the system verdict
Drive a dependency graph by hand | NDepend | folds an IL-bloat signal into a reproducible CAI
The deepest behavioural / social analysis | CodeScene | its own hotspots + bus-factor, scored, served to any agent
The deepest SCA / fix-PRs | Snyk | NuGet + npm SCA + a CycloneDX SBOM every scan, mapped to NIS2 / DORA
An independent, board-grade verdict | SIG (consulting) or Watchdog (self-serve) | the same job, run on demand
To replace the spreadsheet, a manual audit, or tech-DD | Watchdog | that is the job

Keep every tool above — none is a rival. The bottom row is the one Watchdog owns; the deep-dives below show how each instrument feeds the survey.

SonarQube + Watchdog

SonarQube's half and Watchdog's half, with a small shared sliver of secrets, CVEs, coverage.
SonarQube gives you
  • breadth across 30+ languages
  • thousands of line rules + dataflow SAST
  • a live IDE gate that blocks bad merges
Watchdog adds
  • architecture & maturity, scored into the CAI deterministically
  • one portfolio roll-up, not per-repo noise
  • signed compliance + agent-actionable tasks

Better together: SonarQube keeps every line clean across the codebase; Watchdog tells you whether the system those lines add up to is sound, compliant, and shippable — and emits a changelog every scan (CAI & per-lens deltas, findings resolved/raised, features by area, API endpoints added/removed) for your retro and your audit. It never re-scans the line — it works one altitude up.

NDepend + Watchdog

NDepend's half and Watchdog's half, with a shared sliver of coupling, cycles, complexity — the closest overlap.
NDepend gives you
  • deep dependency graphs & matrices
  • custom CQLinq rules, IL-level metrics
  • hands-on architecture inspection in Visual Studio
Watchdog adds
  • its own IL-level read — emitted-IL method bloat (Mono.Cecil), scored into the CAI
  • a C4 architecture map coloured by health, boundary violations drawn in red — for bounded-context systems
  • domain-intent lenses + a maturity ladder; a reproducible CAI across the portfolio + an agent loop

An instrument, not a peer. Both are .NET and both read the emitted IL — but NDepend is the microscope an engineer drives by hand, while Watchdog folds an IL-bloat signal into a scored, reproducible survey across the whole product. Drill in with NDepend; trend and attest with Watchdog.

CodeScene + Watchdog

CodeScene's half and Watchdog's half, with a shared sliver of hotspots, bus-factor, trends.
CodeScene gives you
  • the deepest behavioural & social analysis
  • prioritise work by where you actually edit
  • ACE auto-refactoring
Watchdog adds
  • its own hotspots, change-coupling & bus-factor — folded into the score
  • architecture-intent lenses + a deterministic CAI you can gate on
  • every finding served to your own coding agent over MCP — the next scan proves it landed
  • contract profiles + signed compliance

Better together: we share the behavioural read — Watchdog mines hotspots, change-coupling and bus-factor from your git history and folds them into the survey; CodeScene goes deeper on social analysis. On remediation the split is open vs closed: CodeScene fixes inside its own ACE engine, while Watchdog stays read-only and hands every finding to whatever agent you already run — then re-measures to prove the fix landed. CodeScene for day-to-day guidance; Watchdog for the contract-grade, reproducible number.

Snyk + Watchdog

Snyk and Watchdog share SCA (NuGet, npm), secrets, IaC, licences and SBOM; Snyk goes deeper and broader, Watchdog folds it into one reproducible survey.
Snyk gives you
  • the deepest SCA database, broadest ecosystems
  • container & registry scanning, automated fix-PRs
  • continuous remediation as a daily workflow
Watchdog adds
  • SCA for NuGet & npm — plus IaC, secrets, licences
  • a CycloneDX SBOM, every survey
  • all folded into one CAI, mapped to NIS2 / DORA

Better together: both scan dependencies — Watchdog covers NuGet & npm and emits a CycloneDX SBOM every survey; Snyk goes deeper and broader (Python, Go, containers, fix-PRs). Snyk for remediation depth; Watchdog for the standing, reproducible posture.

Coverity + Watchdog

Coverity's half and Watchdog's half, with a small shared sliver of SAST and security.
Coverity gives you
  • path-sensitive dataflow defect detection
  • C/C++/Java breadth, safety-critical rigor
  • MISRA / CERT compliance
Watchdog adds
  • architecture & domain-intent lenses
  • a deterministic system-level CAI
  • security findings mapped to CWE

Better together: Coverity proves there's no defect on the path; Watchdog proves the subsystem is well-shaped, compliant, and shippable. Coverity speaks MISRA/CERT for C/C++; on .NET, Watchdog maps its security findings to the CWE taxonomy an auditor recognises — emitted in the SARIF so your code-scanning tools show it too.

CodeRabbit + Watchdog

CodeRabbit's half and Watchdog's half with almost no overlap — only style nits shared.
CodeRabbit gives you
  • AI review of the PR diff, in the moment
  • conversational, inline comments
  • catches issues as they're written
Watchdog adds
  • a survey of the whole codebase, on a cadence
  • deterministic architecture & maturity
  • compliance + portfolio roll-up + agent tasks

Better together: CodeRabbit catches problems as you write them; Watchdog tells you whether the accumulated system is healthy and your conventions are actually enforced. Different time, different altitude — zero collision.

The findings a scanner can't produce

Real findings, pulled live from published surveys — not a mock-up.

A line-scanner sees a clean file. Watchdog reads the system: domain types leaking across a bounded context, a consumer with no idempotency guard, a projection that assumes in-order delivery. Each card shows the highest-impact verbatim findings from a real published report — the differentiating ones first, with the exact file and line. Open the full survey for the complete list and how each was measured.

zkavtaskin/Domain-Driven-Design-Example 1 / 110
  • Domain Modelling

    Primitive id on a domain type: Cart.CustomerId

    eCommerce/DomainModelLayer/Carts/Cart.cs:22
    DM2
  • Domain Modelling

    Primitive id on a domain type: Customer.CountryId

    eCommerce/DomainModelLayer/Customers/Customer.cs:24
    DM2
  • Domain Modelling

    Aggregate holds a reference to another aggregate: Product.Code

    eCommerce/DomainModelLayer/Products/Product.cs:22
    DM1
  • Domain Modelling

    Primitive id on a domain type: Purchase.CustomerId

    eCommerce/DomainModelLayer/Purchases/Purchase.cs:22
    DM2

Architecture, Domain Modelling, Event-Driven & Event Sourcing lenses — deterministic, file-and-line, never security detail.

Honest about the edges

Where we defer.

We'd rather be honest than oversell. Watchdog does not replace deep line-level SAST or dataflow analysis — that's Coverity, Sonar, and Snyk's craft, and we don't pretend to out-depth a dedicated dataflow engine at it. (We do run our own SCA, secret, IaC and SBOM scanning — we just don't claim to out-scan a specialist on line-level dataflow.) We answer a different question, one altitude up, about the same code. We don't certify compliance; our tooling assembles the evidence and a human signs the declaration. And we're read-only by design — we tell you and your agents exactly what to fix, and let you decide. The survey, the CAI, the portfolio view, the governance — that part is ours.