Independent software appraisal — by the makers of Watchdog
You'd never buy a house on the seller's word.
You'd commission your own survey. Assay does the same for software: it turns an independent, reproducible Codebase Assurance Index survey into a decision you can defend — to a board, a committee, or a court. To assay: to determine an asset's true worth.
Bring the repo, or open a survey a supplier already shared with you. A measurement, not an opinion.
What you learn
Verify the software you can't read.
Software is usually the largest asset in the deal — and the only one nobody appraises. Assay reads it for you and hands back the numbers a decision actually needs.
A verdict on code you can't inspect
One independent, reproducible 0–100 Codebase Assurance Index for the whole codebase — architecture, maturity, security and risk in one number, with every deduction traceable to the rule that fired.
The board-level numbers
Key-person and bus-factor risk — which modules depend on one person — and replacement/rebuild cost, both read deterministically from the git history. The two figures procurement and diligence miss most.
Trusted by both sides
Commissioned by one side, trusted by both — because the method is open. The algorithm, lenses and rubric are public, so the number isn't the seller's marketing and isn't ours to bend.
0–100
one reproducible index for the whole codebase
71→76
comparable from LOI to close — rubric frozen for the deal
€0
the evidence copy a supplier shares with you is free
Ed25519
signed, tamper-evident evidence — not editable by the sharer
Independent & neutral by structure
The measurer never sits at the table.
An appraisal is only worth something because the appraiser has no stake in the result — and because you can check the work yourself.
Never a delivering party
Assay builds nobody's software and never sits on either side of the contract. No success fees — revenue is the engagement, identical whether the verdict flatters or hurts. We sell the thermometer, never the treatment.
The same rubric, whoever pays
The report doesn't know who holds the subscription. Identical dimensions, thresholds and scoring logic for seller and buyer — which is what lets you write CAI ≥ 80 into a tender and mean it.
Verify any number yourself
You don't have to trust the seller, or us. Take the evidence behind a survey, run the open scorer, and you get the same number — or you've found a discrepancy.
Who it's for
Start where you stand. I'm a…
Pick the hat you're wearing — each page frames the appraisal for your situation.
Buyer or procurement
Verify software I can't read. Write "Supplier shall deliver a CAI ≥ 80" into the tender and check it at delivery.
Acquirer, investor or insurer
Appraise the asset: data-room due diligence and software-as-collateral for the balance sheet.
Software owner
Know the condition of the asset I own — how good, what it's worth, what to raise with my team — in plain language.
Compliance or regulated
Prove it's audit-defensible: measured, gated conformance across NIS2, DORA, GDPR and more, in a signed pack.
Decision-maker
Is the asset sound? What's the risk? A plain-language position, the money at risk, and whether it clears my bar.
Building software, not buying it? The scanner side lives on watchdog.canine.dev.
Trust
The code never leaves controlled hands.
EU data residency
Processed only on hardware we own in Denmark — no cloud provider in the path.
No third-party AI
The language model is self-hosted; the code is never sent to OpenAI, Anthropic or Google.
Source never persisted
Each scan clones, analyses, then deletes the working copy — and we never train on the code.
Read-only by doctrine
We measure and advise; we never commit, push, or edit anyone's code.
Software is the only seven-figure asset you run without an appraisal. Get one.
Bring the repo, or open a survey a supplier already shared with you — either way, you end with a decision you can defend.
Sales-led · priced per engagement, never by lines of code · a person replies, from the EU.