You'd never buy a house on the seller's word.
You'd commission your own survey. Assay does the same for software: it turns an independent, reproducible Codebase Assurance Index survey into a decision you can defend — to a board, a committee, or a court. To assay: to determine an asset's true worth.
Bring the repo, or open a survey a supplier already shared with you. A measurement, not an opinion.
A sample evidence artifact — dated, signed, verifiable. Not editable by the party who shares it.
Verify the software you can't read.
Software is usually the largest asset in the deal — and the only one nobody appraises. Assay reads it for you and hands back the numbers a decision actually needs.
A verdict on code you can't inspect
One independent, reproducible 0–100 Codebase Assurance Index for the whole codebase — architecture, maturity, security and risk in one number, with every deduction traceable to the rule that fired.
The board-level numbers
Key-person and bus-factor risk — which modules depend on one person — and replacement/rebuild cost, both read deterministically from the git history. The two figures procurement and diligence miss most.
Trusted by both sides
Commissioned by one side, trusted by both — because the method is open. The algorithm, lenses and rubric are public, so the number isn't the seller's marketing and isn't ours to bend.
The measurer never sits at the table.
An appraisal is only worth something because the appraiser has no stake in the result — and because you can check the work yourself.
Never a delivering party
Assay builds nobody's software and never sits on either side of the contract. No success fees — revenue is the engagement, identical whether the verdict flatters or hurts. We sell the thermometer, never the treatment.
The same rubric, whoever pays
The report doesn't know who holds the subscription. Identical dimensions, thresholds and scoring logic for seller and buyer — which is what lets you write CAI ≥ 80 into a tender and mean it.
Verify any number yourself
You don't have to trust the seller, or us. Take the evidence behind a survey, run the open scorer, and you get the same number — or you've found a discrepancy.
Verify a survey →Start where you stand. I'm a…
Pick the hat you're wearing — each page frames the appraisal for your situation.
Buyer or procurement
Verify software I can't read. Write "Supplier shall deliver a CAI ≥ 80" into the tender and check it at delivery.
For buyers →Acquirer, investor or insurer
Appraise the asset: data-room due diligence and software-as-collateral for the balance sheet.
For acquirers →Software owner
Know the condition of the asset I own — how good, what it's worth, what to raise with my team — in plain language.
For owners →Compliance or regulated
Prove it's audit-defensible: measured, gated conformance across NIS2, DORA, GDPR and more, in a signed pack.
For compliance →Decision-maker
Is the asset sound? What's the risk? A plain-language position, the money at risk, and whether it clears my bar.
For decision-makers →Building software, not buying it? The scanner side lives on watchdog.canine.dev.
The code never leaves controlled hands.
EU data residency
Processed only on hardware we own in Denmark — no cloud provider in the path.
No third-party AI
The language model is self-hosted; the code is never sent to OpenAI, Anthropic or Google.
Source never persisted
Each scan clones, analyses, then deletes the working copy — and we never train on the code.
Read-only by doctrine
We measure and advise; we never commit, push, or edit anyone's code.
Software is the only seven-figure asset you run without an appraisal. Get one.
Bring the repo, or open a survey a supplier already shared with you — either way, you end with a decision you can defend.
Sales-led · priced per engagement, never by lines of code · a person replies, from the EU.