Stop managing security. Start automating it.
Odin gives your team a unified view of every threat, but the real magic is Mjolnir. Our autonomous pentest engine that reads your source code, maps your attack surface, generates test cases, and executes them autonomously.
Autonomous pentesting that lands real exploits
From code to confirmed findings in five steps
Code Analysis
Know your attack surface before attackers do
Huginn automatically finds and monitors your external attack surface around the clock. Nothing slips through unnoticed.
ALB: api-lb-prod
ec2-52.14.90.7
odin.borghq.io
api.borgmail...
staging.borg...
104.21.55.3
s3://borg-backups
internal-admin.borg...
10.0.1.14
docs.borghq.io
Cloudflare
Cloudflare
52.14.82.1
RDP :3389
SSH :22
borghq.io
Integrated Discovery
We connect to your cloud environments to gain visibility into assets which are not directly exposed to the internet.
This allows us in real time to discover internal assets which suddenly become external or which have been ClickOps'ed into production with security misconfigurations.
Integrated discovery works with all major cloud providers.
Passive Discovery
We discover your internet exposed assets such as subdomains, domains and IP addresses.
Using your assets as entry points we're able to discover vulnerabilities in your existing infrastructure on assets you weren't aware of.
We know what you have exposed to the internet, do you?
Ship faster without shipping vulnerabilities
Mjolnir runs deep autonomous pentests across your full application. Gungnir brings the same security intelligence into every pull request, catching vulnerabilities before they merge.
Pull Request
#291
Add /v1/exports endpoint
hans-dev
25.05.2026
Gungnir Review
ANALYSING DIFF IN CONTEXT
0 seconds · 0 files
PR feedback
Gungnir
Priority:
Code-aware micropentest
Not a SAST scanner. Gungnir understands auth flows, API routes, data handling, and how the diff interacts with the rest of the repo.
Where developers already work
Inline PR comments with severity, confidence and a suggested fix. A GitHub check teams can set to block merges or stay informational.
Visible across the organisation
Every review also lands in Odin, for you to analyze findings even deeper, and see Gungnir's reasoning for his suggestions.
Micropentests for every pull request
Gungnir runs automatically when a PR is opened or updated.
It checks whether the change introduces vulnerabilities, weakens existing security controls, exposes sensitive data, or modifies security-critical configuration. Findings are posted as inline PR comments:
- Severity
- Confidence
- Explanation
- Suggested remediation
Gungnir also creates a GitHub check, so teams can choose whether issues should block merges or remain informational.
Built for modern engineering teams
Security should happen where developers already work.
Gungnir gives engineers actionable feedback during code review, while giving security teams visibility inside Odin.
requireAuth protects the route, but requireOrgScope is missing: any authenticated user could read findings from any org.
- Inline security comments on affected lines
- PR-level security summary
- GitHub check status
- Optional merge blocking based on severity
- Central PR review history
- Findings grouped by severity & confidence
- Repository, author, and PR tracking
- Visibility across engineering teams
Mjolnir vs Gungnir
Catch vulnerabilities in real-time before they reach production.
Deep coverage across every vulnerability class
Authentication
- [Session fixation]
- [Token leakage]
- [Password reset]
Authorization
- [IDOR]
- [Priv escalation]
- [BAC]
Injection
- [SQLi]
- [Cmd injection]
- [SSTI]
Data Exposure
- [PII leaks]
- [Redaction]
- [API over-fetch]
SSRF
- [SSRF]
- [Cloud metadata]
- [API over-fetch]
Cross-Site-Scripting
- [Reflected XSS]
- [Stored XSS]
- [DOM XSS]
Business Logic
- [Race conditions]
- [Workflow bypass]
- [Logic flaws]
Configuration
- [Exposed secrets]
- [Misconfig headers]
- [Debug endpoints]
Track, triage, and remediate in one place
Complete Context
1/4Status Lifecycle
2/4Reported → Mitigating → Ready for Retest → Fixed and Retested
Bulk Operations
3/4Flexible Export
4/4
Built into the tools your team already uses
- Linear
- Jira
- GitHub


