unpwnddocs
Open app

How the swarm explores your repo

conceptsUpdated Jul 2026

unpwnd doesn't scan a repository with a fixed rule list — it explores it with a swarm of agents that read the code the way an attacker would.

Following data, not patterns

Rather than grepping for suspicious-looking strings, the swarm follows how data actually moves — across files and functions — from where it enters the code to where it's used. That's what surfaces issues that only show up once you connect the dots between files, not just within a single one.

Nothing is reported without proof

A potential issue is only surfaced once it's been traced end-to-end — from where untrusted input enters to the operation it reaches — so what you see in the dashboard is a demonstrated path, not an unconfirmed guess. See Source → sink traces for what that trace looks like.

The clone the swarm reads from is read-only and ephemeral — see Connect your first repository for exactly what's granted and retained.