Codex use case
Run a deep security scan
Search an authorized repository deeply for plausible vulnerabilities.
Use the Codex Security plugin to run a more comprehensive audit of a repository or scoped folder that repeats discovery, validates candidates, and produces reviewable coverage and findings.
Best for
- Application security reviews of a repository or component that you own or are authorized to assess.
- More comprehensive reviews where additional runtime and token use are appropriate for finding more candidate issues.
- Security teams that need traceable finding evidence before deciding what to remediate.
Contents
Run a deep security scan
Search an authorized repository deeply for plausible vulnerabilities.
Use the Codex Security plugin to run a more comprehensive audit of a repository or scoped folder that repeats discovery, validates candidates, and produces reviewable coverage and findings.
Use the Codex Security plugin to run a more comprehensive audit of a repository or scoped folder that repeats discovery, validates candidates, and produces reviewable coverage and findings.
Related links
Best for
- Application security reviews of a repository or component that you own or are authorized to assess.
- More comprehensive reviews where additional runtime and token use are appropriate for finding more candidate issues.
- Security teams that need traceable finding evidence before deciding what to remediate.
Skills & Plugins
- Run repeated discovery passes over a repository or scoped folder, validate surviving findings, analyze attack paths, and generate reviewable artifacts.
| Skill | Why use it |
|---|---|
| Codex Security:deep Security Scan | Run repeated discovery passes over a repository or scoped folder, validate surviving findings, analyze attack paths, and generate reviewable artifacts. |
Starter prompt
Choose a deep repository review
Use a deep scan when you need a more comprehensive vulnerability review across a repository or explicit folder and can budget for a longer run. The Codex Security plugin repeats discovery passes before validating and prioritizing findings, so this workflow takes more time and resources than an ordinary scan.
A deep scan can review an entire repository or one explicitly named package or directory. To review a pull request, commit, branch diff, or working-tree patch, use $codex-security:security-diff-scan.
Prepare an authorized scan
- Open the repository in Codex and complete the Codex Security plugin quickstart.
- Confirm that you own the repository or have authorization to assess it.
- Add repository-specific architecture, trust-boundary, build, test, and validation guidance in
AGENTS.mdwhen it will improve the review. - Run the starter prompt and let the scan complete its repeated discovery, validation, attack-path analysis, and final reporting stages.
- Review the findings workspace and any proof gaps before asking Codex to change code or reproduce a finding further.
Review evidence before remediation
The final result should identify affected locations, why the behavior is reachable, what validation Codex performed, any remaining proof gaps, and a bounded remediation direction. Distinguish findings without validation evidence from validated findings.
Start remediation only for a finding you have selected and reviewed. Use Remediate a vulnerability backlog to fix findings one at a time with focused regression validation.
For setup, preflight, scoped targets, and runtime expectations, see Run a deep security scan.
Related use cases
Scan code changes for security
Use the Codex Security plugin to examine a Git-backed change set, validate plausible...
Audit dependency incidents
Use Codex to turn a public package or supply chain advisory into a read-only audit, then...
Remediate a vulnerability backlog
Bring in approved findings from ticketing tools or vulnerability reporting systems, then use...