Omega CodeSec was born out of my need for better security tooling around my development efforts. Being a one-man shop, I knew the existing tools on the market were never going to be a fit for me, if for no other reason than the cost.

So I decided to build my own, instead.
I admit to having a bit of experience in this area, having been a product manager for this kind of product in the past - so it wasn’t terribly difficult to know what to build… the challenge would be in realizing the vision.
And so - Omega CodeSec was born!
Initially it was conceived as Omega SCA, a software composition analysis tool. This was because my biggest concern at that time was vulnerabilities introduced via dependencies (both direct and transitive) - and with a large number of dependencies in some of my projects it was becoming more and more of a risk, and I needed answers. Once I was sufficiently far along with SCA, though, I also determined that SAST would be the next obvious step to provide comprehensive coverage of code security for my projects. I knew with SAST I could do one of two things: try building my own engine, or use an existing one like Semgrep or CodeQL. I've seen the results of Semgrep - it's terrible - and CodeQL added more overhead than I wanted... so I opted to try building my own engine, which is now Omega SAST.

Key Features
- SCA: Track dependencies (direct and transitive) of your software packages
- Identify any CVEs impacting your project, and the upgrade path to remediate them
- Identify and track licenses for dependencies in your environment, with flagging for non-permissive license types
- Detect secrets stored in your code repositories, with guidance on how to remediate
- Generate SBOMs in CycloneDX format for any project
- Track change over time to see how your risk exposure changes
- Auto-fix dependency issues with the CLI scanner agent (with dry-run mode)
- SAST: Scan your first-party code for common weaknesses that impact security and could introduce vulnerabilities
- Full audit log of everything done in the platform

This is one of those projects that I spent more time on than I needed to, mainly because I finally got to build what I wanted to build as a PM years ago. Several of the features included are ones I'm not likely to need or use often, but they're still cool to have. And who knows, if there's enough interest in it I might develop it further and release it to the world.
It was a fun one to build, and does its job very well.