Crash Override

Out-of-Band, In Control: Why We Built Ocular

By Bryce Thuilot

Ocular is a flexible, open-source platform for scalable security scanning beyond your CI/CD system.

Today’s software development culture prizes speed: shipping early, deploying often, and iterating fast. This mindset has fueled massive innovation and competitive advantage, but it has also created real friction for security teams. As code moves faster and changes more frequently, traditional “end-of-cycle” security testing has shifted left, embedding into CI/CD pipelines via automated scanners. This shift has improved early detection of vulnerabilities, secrets, and misconfigurations, giving developers more confidence to release quickly without taking on more risk than the organization can tolerate.

The Hidden Cost of CI/CD-Integrated Scanning 

While “shift left” scanning has clear benefits, scaling it across a modern engineering organization is another story. AppSec teams often face a fragmented landscape of teams, pipelines, languages, and tools, each with their own autonomy and preferences. Integrating scanners directly into every CI/CD flow becomes complex, brittle, and hard to maintain. 

Even lightweight scanners can fail unexpectedly or trigger false positives, stalling pipelines and frustrating developers. Updates to scanning rules or new tooling require widespread coordination and can break otherwise functional workflows. As a result, security often ends up choosing between accuracy and velocity, rarely getting both. 

How should organizations approach scanning at scale? 

At Crash Override, we believe most scanners should run out-of-band, on an execution platform purpose-built for AppSec engineers. CI/CD-integrated scanning has its place, but only for the fastest, most fault-tolerant tools with extremely high-accuracy rules.

Running scanners outside the CI/CD pipelines gives AppSec teams full control to test new tools, fine-tune detection logic, and iterate without breaking developer workflows. It decouples experimentation from delivery, making security more adaptable without becoming a bottleneck. 

Introducing Ocular 

To solve this, we built Ocular: a Kubernetes-native API for orchestrating security scanning at scale.

Ocular originated at Blackstone, born from firsthand experience navigating the challenges of scanning in complex engineering environments. It’s designed to be both low-friction and deeply customizable, giving security teams an execution platform that adapts to their needs without imposing on developers.

Scans can be triggered on a schedule or launched ad-hoc via API, making it easy to integrate existing workflows and respond to emerging threats. 

A Modular Architecture for Maximum Flexibility

When designing Ocular, we identified four key components needed to run any scan and built the system to configure each as a container. 

  • Crawler: discovers what to scan (e.g. GitHub orgs, container registries) 
  • Downloader: fetches targets into the scanning environment (e.g. git clone, docker pull) 
  • Scanner: executes analysis using configurable tools and settings (e.g. custom command line arguments, environment variables) 
  • Uploader: delivers results to third-party systems (e.g. S3, webhooks, databases) 

Each of these components runs as a container image, giving teams complete control over how targets are sourced, how they are scanned, and where results are sent. Ocular makes no assumptions about your tools; it just runs what you give it.
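To make the four-stage split concrete, here is an added Python sketch of an orchestrator in the same shape. It is not Ocular’s code or API (Ocular runs each stage as a container on Kubernetes); each stage here is a swappable callable standing in for a container image, the target inventory and repository contents are constructed sample data, and the scanner takes its rules from command-line-style arguments and an environment variable, the way a scanner container would be configured. The rule names, the SCAN_EXCLUDE variable and the example-org targets are all assumptions made for the illustration.

```python
"""Four-stage out-of-band scan orchestrator: crawler -> downloader -> scanner -> uploader.

Added illustration, not Ocular's code. Each stage is a plain callable where Ocular
would run a container image; the inventory and file contents are constructed.
"""
from __future__ import annotations

import json
import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable, Iterable

# Stage contracts: the orchestrator only knows these shapes, not the tools behind them.
Crawler = Callable[[], Iterable[str]]            # discovers target identifiers
Downloader = Callable[[str, Path], Path]         # materialises one target into a workspace
Scanner = Callable[[str, Path], list[dict]]      # inspects a checkout, returns findings
Uploader = Callable[[str, list[dict]], None]     # delivers findings somewhere


@dataclass
class ScannerConfig:
    """Settings a scanner container would receive as arguments and environment variables."""
    args: list[str] = field(default_factory=list)
    env: dict[str, str] = field(default_factory=dict)


# Constructed inventory standing in for a GitHub org or a container registry.
# The credential below is the well-known AWS documentation example, not a real key.
SAMPLE_REPOS: dict[str, dict[str, str]] = {
    "example-org/payments": {
        "config/settings.py": 'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n',
        "README.md": "Key format reminder: AKIAIOSFODNN7EXAMPLE\n",  # excluded by config below
    },
    "example-org/web": {
        "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n",
        "src/app.py": "print('hello')\n",
    },
    "example-org/docs": {"index.md": "# docs\n"},
}


def inventory_crawler() -> Iterable[str]:
    """Crawler: decide what to scan. Reads the constructed inventory; a real one pages an API."""
    yield from sorted(SAMPLE_REPOS)


def fixture_downloader(target: str, workspace: Path) -> Path:
    """Downloader: fetch the target into the scanning environment (where `git clone` would)."""
    dest = workspace / target.replace("/", "__")
    for rel, content in SAMPLE_REPOS[target].items():
        path = dest / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
    return dest


def make_regex_scanner(config: ScannerConfig) -> Scanner:
    """Scanner: a stand-in tool tuned entirely through args (name=regex) and env (SCAN_EXCLUDE).

    Changing rules or exclusions changes only this config, never the pipeline around it.
    """
    rules = [(a.split("=", 1)[0], re.compile(a.split("=", 1)[1])) for a in config.args]
    excludes = tuple(p for p in config.env.get("SCAN_EXCLUDE", "").split(",") if p)

    def scan(target: str, checkout: Path) -> list[dict]:
        findings: list[dict] = []
        for path in sorted(checkout.rglob("*")):
            rel = path.relative_to(checkout).as_posix()
            if not path.is_file() or rel.startswith(excludes):
                continue
            for lineno, line in enumerate(path.read_text().splitlines(), 1):
                for name, pattern in rules:
                    if pattern.search(line):
                        findings.append({"target": target, "path": rel, "line": lineno, "rule": name})
        return findings

    return scan


class MemoryUploader:
    """Uploader: serialises findings as JSON lines like an S3/webhook sink, kept in memory here."""

    def __init__(self) -> None:
        self.delivered: list[str] = []

    def __call__(self, target: str, findings: list[dict]) -> None:
        self.delivered.extend(json.dumps(f, sort_keys=True) for f in findings)


def run_pipeline(crawler: Crawler, downloader: Downloader, scanner: Scanner, uploader: Uploader) -> dict[str, int]:
    """Wire the four stages together; return findings per target. Nothing here knows which tool ran."""
    summary: dict[str, int] = {}
    with tempfile.TemporaryDirectory() as tmp:
        workspace = Path(tmp)
        for target in crawler():
            checkout = downloader(target, workspace)
            findings = scanner(target, checkout)
            uploader(target, findings)
            summary[target] = len(findings)
    return summary


def demo() -> tuple[dict[str, int], list[str]]:
    """Run the sample pipeline with two secret rules and README.md excluded."""
    config = ScannerConfig(
        args=[r"aws-access-key-id=\bAKIA[0-9A-Z]{16}\b",
              r"private-key=-----BEGIN [A-Z ]*PRIVATE KEY-----"],
        env={"SCAN_EXCLUDE": "README.md"},
    )
    uploader = MemoryUploader()
    summary = run_pipeline(inventory_crawler, fixture_downloader, make_regex_scanner(config), uploader)
    return summary, uploader.delivered


if __name__ == "__main__":
    totals, lines = demo()
    print(json.dumps(totals, indent=2))
    for line in lines:
        print(line)
```

The point the sketch makes is the one in the text: swapping the regex tool for a different scanner, or the in-memory sink for an S3 or webhook uploader, changes one stage’s definition and its settings, while run_pipeline stays untouched. In Ocular each of those stages is a separate container image rather than a Python callable.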

Ocular’s API exposes five core resource types. These define how scanners operate, what they run against, and where results go, all through container-based logic.

[Figure: A Modular Architecture for Maximum Flexibility]

These resources can be mixed, matched, and reused, giving teams total flexibility to scale scanning across varied environments without hardcoding logic into pipelines.

Two Ways to Scan

Ocular executes scans in two distinct modes, Pipelines and Searches, both powered by the resources defined above.

[Figure: Two Ways to Scan]

A Platform for Builders, Not Buyers 

Ocular is built on containers so that anyone, from a single engineer to an entire AppSec team, can create custom, pluggable components that fit their environment. While we include defaults for common use cases, every part of the system is designed for deep customization and integration with your existing tools, pipelines, and vulnerability tracking systems. 

This isn’t a security product with baked-in opinions. It’s a tooling platform for security engineers, one that gives you full control over how scans run, what they look for, and where results go. Ocular doesn’t tell you how to do your job; it gives you the power to do it better.

We’re releasing much of Ocular as open-source to support the broader security community. Whether you’re measuring risk, identifying patterns, or building research pipelines, we built Ocular to help you move fast, stay flexible, and keep controls 

Ready to give it a shot? Check out the Product Documentation or star us on GitHub.