unpwnddocs
Open app

Install the GitHub App

getting startedUpdated Jul 2026

unpwnd reads a repository through a GitHub App — GitHub's own mechanism for granting a third party scoped, revocable access to specific repositories. Installing it is the first step before any audit can run.

What the GitHub App grants

unpwnd's installation requests read-only access to repository contents only — nothing else in your account is touched. It can't push commits, open pull requests, or change repository settings. Tokens minted from the installation are repo-scoped and auto-expiring, not a standing credential left sitting in your account.

Choosing an account or organization

GitHub walks you through the install: pick the account or organization that owns the repository you want to audit, then choose which repositories to grant. Installing a GitHub App is an admin-level action, so you'll need admin access on that account or organization.

Granting one repo or all of them

You can grant a single repository or every repository under that account up front. Either way, unpwnd only ever sees what you've explicitly granted.

Changing or revoking access

Nothing here is permanent. Add or remove repositories, or uninstall the app entirely, any time from your GitHub installed apps settings — revoking takes effect immediately. unpwnd doesn't keep your source after that: only the findings an audit already produced persist, never the code itself.