Where Watchdog fits

The surveyor sits above your scanners — not beside them.

Watchdog isn't another line-level scanner competing for the same slot. It's an independent survey one altitude up: it reads your whole product and issues a single, reproducible Codebase Assurance Index (CAI) your engineers, your agents, and your auditor can act on. Keep every tool you already run — Watchdog answers the question none of them do.

C#/.NET · a measurement, not an opinion.

The boundary

What Watchdog is — and isn't.

What it is not

  • Not a CI scanner or linter: Never scores a line or blocks a merge.
  • Not a SAST / dataflow engine: Reads their signal; doesn't out-depth one.
  • Not a coding agent: Never edits, commits, pushes or opens a PR.
  • Not a certifier: Records the evidence; a named human signs.

What it is

  • An independent surveyor: One altitude above your scanners.
  • One reproducible CAI: Signed, commit-pinned — re-runs to the same number.
  • A read-only oracle: Serves every finding to your agent over MCP.
  • A whole-system survey: Architecture, maturity, compliance & risk in one report.

Altitude decides the job

Specialists hold the line. The surveyor judges the system.

The tools you already run are specialists — each owns one column of concern, down at the line or the file. Climb to the module, the system, the whole portfolio and the job changes: it becomes synthesis. Is the architecture sound? Is it maturing? Can you prove it's compliant? That's the altitude Watchdog was built for — and one measurement is read at every altitude: a board sees a single CAI, an architect sees the failing lens, an engineer — or their coding agent — gets the exact file, line and fix.

Same repos. Two scopes of view.

A scanner reviews one repo, or one pull request. Watchdog reviews the product — every repo you ship as a unit, decomposing a monorepo into a CAI per deployable service: each service scored by the same lenses as the whole product, then rolled up into one whole-product survey.

Honest about the bottom floor

At the line and the pull request Watchdog defers to the specialists. It reads their output and places it in the system picture; it never replaces a deep SAST engine or your live IDE lint.

Read it as altitude and job, not a ranking — not a scoreboard. Every other tool here is scoped to a repo or a diff; Watchdog is scoped to the thing you actually ship.

Why it earns that altitude

Four things — the first is the one no scanner can claim.

Deterministic

Same code in, same CAI out under the same rubric and advisory data — re-run the survey and the number holds. That's what makes a trend real, a contract floor you can set and verify at each scheduled scan, and a compliance number an auditor can rely on.

Architecture- & intent-aware

Conditional lenses for DDD, event-driven and event-sourced designs, ADR conformance, and a maturity ladder. Watchdog surveys what the code is *trying to be* — not just what it literally says.

One survey across the product

Every repo you ship together — down to the services inside a monorepo — rolls up into one CAI, with each repo's compliance declaration bundled in. Not a pile of disconnected per-repo reports.

Independent & read-only

Watchdog never edits your code and never certifies you — it assembles the evidence; a human signs. The measurer never sits at the table.

The one true peer

SIG & Watchdog — the same kind of verdict.

Two routes to the same independent verdict

The Software Improvement Group pioneered the independent, board-grade software survey — a benchmarked model delivered through a consulting engagement, and it's excellent. Watchdog issues the same kind of independent verdict by a different mechanism: a deterministic, reproducible rubric you run yourself — continuously, the same day you ask, from a single team to a whole portfolio. Same altitude; self-serve where SIG is high-touch.

What you'd otherwise reach for

The real alternatives — and why the survey beats each.

When a team or a buyer skips Watchdog, it isn't for another scanner — it's for one of these.

The DIY stack

SonarQube + a tech lead's judgement + a spreadsheet. It works — until the tech lead leaves or the spreadsheet is the only place the verdict lives. Watchdog is that exact stack, made reproducible, independent and signable — the rubric outlives the person.

A commissioned manual review

A consultancy reads the code for a fortnight and writes a verdict. Watchdog issues the same kind of verdict deterministically, the day you ask — and re-issues it every scan instead of once, so the trend is real.

Technical due-diligence

The M&A equivalent: excellent, billed per engagement, frozen the day they stop reading. Watchdog gives a CAI comparable from LOI to close, re-derivable by your own advisors from the code itself.

Keep your stack

Your scanners are instruments. Watchdog is the survey.

A surveyor doesn't compete with the moisture meter — it reads the instruments and writes the report a buyer can act on. Your scanners live one altitude below the survey and feed it: Watchdog reads the same signals, adds architecture, domain-intent and git-history dimensions of its own, and rolls them into one reproducible CAI. Keep every one of them — none is a competitor, and none is a peer.

| If you need… | Reach for… | Watchdog's role |
|---|---|---|
| Catch a bad line the moment it's written | SonarQube / Coverity (IDE & CI) | Reads their signal, scores it into the system verdict |
| Drive a dependency graph by hand | NDepend | Folds an IL-bloat signal into a reproducible CAI |
| The deepest behavioural / social analysis | CodeScene | Its own hotspots + bus-factor, scored, served to any agent |
| The deepest SCA / fix-PRs | Snyk | NuGet + npm SCA + a CycloneDX SBOM every scan, mapped to NIS2 / DORA |
| An independent, board-grade verdict | SIG (consulting) or Watchdog (self-serve) | The same job, run on demand |
| To replace the spreadsheet, a manual audit, or tech-DD | Watchdog | That *is* the job |

Keep every tool above — none is a rival. The bottom row is the one Watchdog owns.

Better together

Per-tool deep-dives — what each gives you, what Watchdog adds.

SonarQube + Watchdog

Sonar gives breadth across 30+ languages, thousands of line rules + dataflow SAST, a live IDE gate. Watchdog adds architecture & maturity scored into the CAI deterministically, one portfolio roll-up instead of per-repo noise, signed compliance + agent-actionable tasks. It never re-scans the line — it works one altitude up.

NDepend + Watchdog

NDepend gives deep dependency graphs & matrices, custom CQLinq rules, IL-level metrics, hands-on inspection in Visual Studio. Watchdog adds its own IL-level read — emitted-IL method bloat (Mono.Cecil) scored into the CAI — plus a C4 architecture map coloured by health, domain-intent lenses and the agent loop. An instrument, not a peer: NDepend is the microscope an engineer drives by hand.

CodeScene + Watchdog

CodeScene gives the deepest behavioural & social analysis and ACE auto-refactoring. Watchdog adds its own hotspots, change-coupling & bus-factor folded into the score, a deterministic CAI, and every finding served to your coding agent over MCP. The remediation split is open vs closed: CodeScene fixes inside its own ACE engine; Watchdog stays read-only and hands every finding to whatever agent you already run — then re-measures.

Snyk + Watchdog

Snyk gives the deepest SCA database, the broadest ecosystems, container & registry scanning, automated fix-PRs. Watchdog adds SCA for NuGet & npm plus IaC, secrets, licences; a CycloneDX SBOM every survey; all folded into one CAI mapped to NIS2 / DORA. Snyk for remediation depth; Watchdog for the standing, reproducible posture.

Coverity + Watchdog

Coverity gives path-sensitive dataflow defect detection, C/C++/Java breadth, safety-critical rigor, MISRA / CERT compliance. Watchdog adds architecture & domain-intent lenses and a deterministic system-level CAI — on .NET, its security findings map to the CWE taxonomy an auditor recognises, emitted in the SARIF so your code-scanning tools show it too.

CodeRabbit + Watchdog

CodeRabbit gives AI review of the PR diff in the moment — conversational inline comments, issues caught as written. Watchdog adds a survey of the whole codebase on a cadence, deterministic architecture & maturity, compliance + portfolio roll-up + agent tasks. Different time, different altitude — zero collision.

Honest about the edges — where we defer

We'd rather be honest than oversell. Watchdog does not replace deep line-level SAST or dataflow analysis — that's Coverity, Sonar, and Snyk's craft, and we don't pretend to out-depth a dedicated dataflow engine at it. (We *do* run our own SCA, secret, IaC and SBOM scanning — we just don't claim to out-scan a specialist on line-level dataflow.) We answer a different question, one altitude up. We don't certify compliance; our tooling assembles the evidence and a human signs the declaration. And we're read-only by design. The survey, the CAI, the portfolio view, the governance — that part is ours.

They hold the line. Watchdog judges the system.
