Autonomous engineering · mission control
Your repo never sleeps alone.
Umbra is an autonomous AI engineering team for your GitHub repo. Sign in and the night crew hunts CVEs, traces incidents, reviews risk, and answers your codebase — then hands you the morning report.
Real OAuth — GitHub unlocks live scans of your own repositories.
Threat radar
Attack surface
Dependency
exposure
The night crew
Five specialists. One quiet shift.
Hunts CVEs in your dependencies with live OSV advisories.
Scores blast-radius and risk on every open pull request.
Traces incidents to the root-cause commit from real git history.
Clears dead code and quiet tech debt in a disposable checkout.
Answers questions about your codebase, grounded in real refs.
How it works
Sign in. Point at a repo. Read the morning report.
Sign in
Continue with GitHub or Google. GitHub connects your own public and private repositories.
Point at a repo
Pick one of your repos. The night crew fans out — CVEs, git history, code retrieval — in parallel.
Read the morning report
Every finding is grounded and labelled with what produced it. No fabricated results, ever.
Meet the team
Built by one engineer, for every engineer.
In ChatGPT
Talk to Umbra from ChatGPT.
Umbra ships as a ChatGPT plugin / GPT Action. Ask it to scan a repo, investigate an incident, or explain a codebase — grounded in real OSV and git data, never invented. No sign-in required; the read-only actions are public.
“Scan github.com/expressjs/express” → Umbra Score + live CVEs.
Paste an error → the root-cause commit from real git history.
“How does routing work?” → an answer with real file:line references.