Codex use case
Run a deep security scan
Search an authorized repository deeply for plausible vulnerabilities.
Use the Codex Security plugin to run a higher-recall, repository-wide audit that repeats discovery, validates candidates, and produces reviewable report artifacts.
Best for
- Application security reviews of a complete repository that you own or are authorized to assess.
- High-recall reviews where additional runtime and token use are appropriate for finding more candidate issues.
- Security teams that need traceable finding evidence before deciding what to remediate.
Skills & Plugins
| Skill | Why use it |
|---|---|
| Codex Security: Deep Security Scan | Run repeated repository-wide security discovery passes, validate surviving findings, analyze attack paths, and create reviewable reports. |
Starter prompt
Choose a deep repository review
Use a deep scan when you need high-recall vulnerability discovery across a complete repository and can budget for a longer run. The Codex Security plugin repeats discovery passes before validating and prioritizing findings, so this workflow takes more time and tokens than an ordinary scan.
A deep scan is for an entire repository. To review one package or directory, use $codex-security:security-scan. To review a pull request, commit, branch diff, or working-tree patch, use $codex-security:security-diff-scan.
Prepare an authorized scan
- Open the repository in Codex and install the Codex Security plugin.
- Confirm that you own the repository or have authorization to assess it.
- Add repository-specific architecture, trust-boundary, build, test, and validation guidance in AGENTS.md when it will improve the review.
- Run the starter prompt and let the scan complete its repeated discovery, validation, attack-path analysis, and final reporting stages.
- Review the final reports before asking Codex to change code or reproduce a finding further.
Review evidence before remediation
The final result should identify affected locations, why the behavior is reachable, what validation Codex performed, any remaining proof gaps, and a bounded remediation direction. Distinguish findings without validation evidence from validated findings.
Start remediation only for a finding you have selected and reviewed. Use Remediate a vulnerability backlog to fix findings one at a time with focused regression validation.
Related use cases
Scan code changes for security
Use the Codex Security plugin to examine a Git-backed change set, validate plausible...
Add evals to your AI application
Ask Codex to inspect your AI application, identify the behavior you want to evaluate, and...
Audit dependency incidents
Use Codex to turn a public package or supply chain advisory into a read-only audit, then...