// use case · open source

Audits for public repos.

Public repositories get cloned, forked, and depended on by people you’ll never meet. unpwnd reads the code the same way an attacker would — before they do.

// why maintainers run it

The review your contributors can’t give you.

Runs on the code, not the contributor

Anyone can open a pull request. unpwnd audits the repository itself, independent of who’s contributing this week — on a per-project cadence you choose, with a next-scan indicator.

Signal, not a linter wall

Findings are traced source→sink and deduped by fingerprint, so a maintainer’s limited time goes to what’s real.

Public by default, secured by default

The same read-only, ephemeral auditor either way — no extra setup for a public repo, no exception for a private one.

// point it at a repo

Give your contributors a real review.

Connect a repository and get a traced, fixable security audit back in minutes.

Open source · unpwnd