I've spent the last decade working with engineering teams in large orgs. The same frustration kept surfacing everywhere: we're shipping faster than ever, but are our practices actually improving — or are we just getting better at building on sand?
Branch protection ignored. Shallow PR reviews. Secrets slipping through. No reliable rollbacks. Architecture decisions buried in Slack threads nobody can find six months later. These gaps hurt at normal pace. They bite hard when velocity spikes. Then when compliance asks for change management evidence, the answer is always the same scramble — surveys, spreadsheets, things nobody quite believes.
So I built Concordance. Connect read-only to GitHub, GitLab, Bitbucket, Linear, or Jira. Under 2 minutes. It scores real artifacts (commits, PRs, branches, workflows, issues) against a 50-standard SDLC framework across 6 phases from Requirements to Operations. Metadata and configuration only (never your source code), no cloning, no file contents read. No questionnaires, no self-scoring. Just what your toolchain actually shows.
First team is free: up to 5 repos, all 50 standards, no credit card, no sales call.
getconcordance.com
One thing I'd specifically like feedback on:
The AI Sentinel layer detects Copilot, Cursor, Claude Code, Amazon Q, Kira usage, then flags standards at elevated risk when AI accelerates output. Curious whether that framing resonates with teams actually using these tools day to day.
Solo founder. Bootstrapping this while working full-time. The methodology comes from watching what repeatedly breaks at scale — not from a handed-down framework.
Two honest questions for eng leaders and platform teams:
- Does the 50-standard set miss anything you'd actually care about in 2026?
- Are there setups where evidence-based scoring breaks down — monorepos, heavy squash merges, that kind of thing?
Happy to go into the weeds on any of it and thanks for taking a look.