Connect your first repository
unpwnd audits a repository by cloning it read-only, then turning a swarm of agents loose to find vulnerabilities and prove each one. Here's how to connect the first repo and kick off that first audit.
Before you start
You'll need a GitHub account with admin access to the repository you want to audit — installing a GitHub App is an admin-level action. A repo of any size works; unpwnd scales the swarm to fit.
Install the GitHub App
From the dashboard, open Import repository and choose Connect GitHub. GitHub walks you through installing the unpwnd app on your account or organization.
- Open the dashboardSign in at unpwnd.com and press
Import repoin the top bar. - Install the GitHub AppChoose the account or organization that owns the repository.
- Pick which repos to grantGrant a single repo or all of them — you can change this any time on GitHub.
Grant read-only access
unpwnd requests the narrowest scope that still lets it clone: read-only contents. It never asks for write access, and it can't push, open pull requests, or change settings. Revoke it whenever you like from your GitHub installed apps.
What happens next
The moment a repo is connected, unpwnd dispatches its first full audit. Findings stream in as agents prove them — you don't wait for the whole run to finish to see the first result.
› clone acme/checkout-api read-only · shallow · ephemeral
✓ cloned — 1,204 files, 86k LOC
› swarm dispatched — 12 agents walking the code graph
✓ traced CRITICAL SQL injection routes/pay.ts:88 → db/query.ts:14
✓ traced HIGH SSRF lib/fetch.ts:31
› auditing… findings appear in the dashboard as they're proven
When the run settles, open Read your first audit to learn how to read a finding, follow its source → sink trace, and copy the paste-ready fix.