Codex use case
Scan code changes for security
Review a pull request or local diff for security regressions.
Use the Codex Security plugin to examine a Git-backed change set, validate plausible security regressions, and produce an evidence-based report before merge.
Best for
- Pull requests that touch authentication, authorization, parsing, file access, secrets, or privileged workflows.
- Release branches or local patches that need a security-focused check before merge.
- Reviewers who need findings anchored to changed code and directly supporting files.
Skills & Plugins
| Skill | Why use it |
|---|---|
| Codex Security:security Diff Scan | Review a pull request, commit, branch diff, or working-tree patch for security regressions with validation and attack-path evidence. |
Starter prompt
Review the change instead of the whole repository
Use a security diff scan when a pull request, commit, branch, or local patch changes a sensitive code path. The Codex Security plugin uses repository context to understand the change, then keeps finding discovery and validation focused on the diff and directly supporting code.
This workflow complements ordinary code review. Use it when you want evidence about security regressions, not a general style or test review.
Run a focused pass
- Open the repository and check out or describe the exact Git-backed change set to review.
- Install the Codex Security plugin and specify the pull request, commit, branch diff, or working-tree patch in the starter prompt.
- Name high-risk surfaces in the change, such as authentication, parsers, file paths, network requests, or credential handling.
- Run the prompt without requesting a fix so the first result remains a review artifact.
- Check each reported affected line, validation result, and stated proof gap before deciding whether to remediate.
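The steps above ask you to name the high-risk surfaces in the change and to check the report's affected lines against the diff. As an added example that is not part of this page or of the Codex Security plugin, the Python script below does the mechanical half of that work: it parses a unified diff, tracks the post-change line number of every added line, and flags lines that match a small set of hypothetical risk patterns (authentication, file access, command execution, network, deserialization, hard-coded secrets). The categories, regexes and the sample diff are all constructed for illustration; the output is a list of surfaces and line numbers you can paste into the starter prompt and later use to cross-check what the scan reports.

```python
"""Triage a unified diff for high-risk surfaces before running a security diff scan.

Added example; the patterns and sample diff below are constructed, not taken from
any project or from the Codex Security plugin.
"""
import re
from dataclasses import dataclass

# Hypothetical risk categories. Tune these to the code base under review.
RISK_PATTERNS = {
    "auth": re.compile(r"\b(auth\w*|token|session|password|passwd|jwt|login)\b", re.I),
    "file-access": re.compile(r"\b(open|os\.path\.join|Path|readfile|writefile)\s*\(", re.I),
    "command": re.compile(r"\b(subprocess|os\.system|popen|exec|shell=True)\b", re.I),
    "network": re.compile(r"\b(requests\.|urllib|http\.client|socket\.)", re.I),
    "deserialization": re.compile(r"\b(pickle\.loads?|yaml\.load|eval|marshal)\s*\(", re.I),
    "hardcoded-secret": re.compile(r"(api[_-]?key|secret|password)\s*=\s*['\"][^'\"]+['\"]", re.I),
}

# "@@ -old,count +new,count @@"; only the new-file start line matters here.
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int          # line number in the post-change file
    category: str
    snippet: str


def added_lines(diff_text):
    """Yield (path, new_line_no, content) for every '+' line in a unified diff."""
    path, new_line, expect_new_path = None, None, False
    for raw in diff_text.splitlines():
        if raw.startswith("--- "):
            expect_new_path = True          # next "+++ " line names the new file
            continue
        if expect_new_path and raw.startswith("+++ "):
            path = raw[4:].split("\t")[0]
            path = path[2:] if path.startswith("b/") else path
            new_line, expect_new_path = None, False
            continue
        expect_new_path = False
        header = HUNK_HEADER.match(raw)
        if header:
            new_line = int(header.group(1))
            continue
        if new_line is None or raw.startswith("\\"):
            continue                        # outside a hunk, or "\ No newline at end of file"
        if raw.startswith("+"):
            yield path, new_line, raw[1:]
            new_line += 1
        elif raw.startswith("-"):
            continue                        # removed line: does not exist in the new file
        else:
            new_line += 1                   # unchanged context line


def flag_high_risk(diff_text):
    """Return a Finding for each (added line, matching category), in diff order."""
    findings = []
    for path, line_no, content in added_lines(diff_text):
        for category, pattern in RISK_PATTERNS.items():
            if pattern.search(content):
                findings.append(Finding(path, line_no, category, content.strip()))
    return findings


def touched_files(findings):
    """Sorted list of files that contain at least one flagged line."""
    return sorted({f.path for f in findings})


def format_report(findings):
    """Plain-text summary suitable for pasting into a review prompt."""
    lines = [f"{f.path}:{f.line} [{f.category}] {f.snippet}" for f in findings]
    return "\n".join(lines) if lines else "no high-risk surfaces flagged"


# Constructed sample diff: a token check and a file write, both typical review targets.
SAMPLE_DIFF = """\
diff --git a/app/auth.py b/app/auth.py
--- a/app/auth.py
+++ b/app/auth.py
@@ -10,2 +10,5 @@ def require_token(request):
     header = request.headers.get("Authorization", "")
-    return verify_signature(header)
+    token = header.removeprefix("Bearer ")
+    if token == ADMIN_TOKEN:
+        return True
+    return verify_signature(token)
diff --git a/app/upload.py b/app/upload.py
--- a/app/upload.py
+++ b/app/upload.py
@@ -22,2 +22,4 @@ def save(base, filename, data):
-    target = safe_join(base, filename)
+    target = os.path.join(base, filename)
+    with open(target, "wb") as fh:
+        fh.write(data)
     log.info("saved %s", target)
"""

if __name__ == "__main__":
    print(format_report(flag_high_risk(SAMPLE_DIFF)))
```

Run it on the output of `git diff base...head` for the change under review. The flagged lines are a prompt for the scan, not findings: in the sample, the removed `safe_join` and the new `os.path.join` plus `open` are exactly the kind of diff-local context you want the scan to validate, and the line numbers let you confirm that the report's affected lines point at the post-change file rather than at context that was already there.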
Follow through on a finding
A useful report separates a reachable, evidence-backed security finding from a suspicion that still needs confirmation, and it can include Codex app review directives for the affected lines. To act on a finding, open a new bounded fix task that references the finding identifier or the relevant report section rather than asking for a fix inside the review itself. See Remediate a vulnerability backlog for the fix-and-validation loop.
Related use cases
Run a deep security scan
Use the Codex Security plugin to run a higher-recall, repository-wide audit that repeats...
Add evals to your AI application
Ask Codex to inspect your AI application, identify the behavior you want to evaluate, and...
Audit dependency incidents
Use Codex to turn a public package or supply chain advisory into a read-only audit, then...