// use case · open source
Audits for public repos.
Public repositories get cloned, forked, and depended on by people you’ll never meet. unpwnd reads the code the same way an attacker would — before they do.
// why maintainers run it
The review your contributors can’t give you.
Runs on the code, not the contributor
Anyone can open a pull request. unpwnd audits the repository itself, independent of who’s contributing this week — on a per-project cadence you choose, with a next-scan indicator.
Signal, not a linter wall
Findings are traced source→sink and deduped by fingerprint, so a maintainer’s limited time goes to what’s real.
Public by default, secured by default
The same read-only, ephemeral auditor either way — no extra setup for a public repo, no exception for a private one.
// point it at a repo
Give your contributors a real review.
Connect a repository and get a traced, fixable security audit back in minutes.