Codex use case
Run a deep security scan
Search an authorized repository deeply for plausible vulnerabilities.
Use the Codex Security plugin to run a higher-recall, repository-wide audit that repeats discovery, validates candidates, and produces reviewable report artifacts.
Best for
- Application security reviews of a complete repository that you own or are authorized to assess.
- High-recall reviews where additional runtime and token use are appropriate for finding more candidate issues.
- Security teams that need traceable finding evidence before deciding what to remediate.
Skills & Plugins
| Skill | Why use it |
|---|---|
| Codex Security:deep Security Scan | Run repeated repository-wide security discovery passes, validate surviving findings, analyze attack paths, and create reviewable reports. |
Starter prompt
Choose a deep repository review
Use a deep scan when you need high-recall vulnerability discovery across a complete repository and can budget for a longer run. The Codex Security plugin repeats discovery passes before validating and prioritizing findings, so this workflow takes more time and tokens than an ordinary scan.
A deep scan is for an entire repository. To review one package or directory, use $codex-security:security-scan. To review a pull request, commit, branch diff, or working-tree patch, use $codex-security:security-diff-scan.
Prepare an authorized scan
- Open the repository in Codex and install the Codex Security plugin.
- Confirm that you own the repository or have authorization to assess it.
- Add repository-specific architecture, trust-boundary, build, test, and validation guidance in AGENTS.md when it will improve the review.
- Run the starter prompt and let the scan complete its repeated discovery, validation, attack-path analysis, and final reporting stages.
- Review the final reports before asking Codex to change code or reproduce a finding further.
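As an added illustration, not taken from this page or from the plugin's own documentation, here is a constructed AGENTS.md that supplies the repository-specific architecture, trust-boundary, build, test, and validation guidance the steps above ask for. The directories, commands, and file names describe a hypothetical web service and are placeholders to replace with your own.

```markdown
# AGENTS.md (constructed example for a hypothetical web service; not a real project)

## Architecture
- `api/`: HTTP handlers; all external input enters the service here.
- `core/`: business logic; assumes the caller has already been authenticated.
- `db/`: query layer; all database access goes through parameterized queries here.
- `jobs/`: background workers that process tasks queued by `api/`.
- `tools/`: operator-only admin CLI, run from a shell on the host.

## Trust boundaries
- Internet -> `api/`: untrusted. Treat every request field, header, cookie and upload as attacker-controlled.
- `api/` -> `core/`: authenticated. Authorization is enforced in `core/authz.py`, never in handlers.
- `core/` -> `db/`: trusted. Raw SQL anywhere outside `db/` should be reported as a finding.
- Queue -> `jobs/`: semi-trusted. Payloads are produced by `api/` but are not re-validated by workers.
- Operator -> `tools/`: trusted. Only operators with host shell access can run it.

## Build and test
- Install dependencies: `make setup`
- Unit tests: `make test`
- Integration tests (need a local Postgres): `make test-integration`

## Validation guidance for security findings
- Prefer a failing test under `tests/security/` over a prose argument as evidence that a behavior is reachable.
- Do not contact external services during validation; use the fixtures in `tests/fixtures/`.
- Do not modify code in `api/`, `core/` or `db/` during the scan; report only.
- Report issues in `vendor/` separately, with the package name and version, since they are third-party code.
- State clearly when a finding could not be validated and what evidence is still missing.
```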
Review evidence before remediation
The final result should identify affected locations, why the behavior is reachable, what validation Codex performed, any remaining proof gaps, and a bounded remediation direction. Distinguish findings without validation evidence from validated findings.
Start remediation only for a finding you have selected and reviewed. Use Remediate a vulnerability backlog to fix findings one at a time with focused regression validation.
Related use cases
Scan code changes for security
Use the Codex Security plugin to examine a Git-backed change set, validate plausible...
Audit dependency incidents
Use Codex to turn a public package or supply chain advisory into a read-only audit, then...
Remediate a vulnerability backlog
Bring in approved findings from ticketing tools or vulnerability reporting systems, then use...