1# Security – Codex1# Security – Codex
2 2
3Codex Security helps engineering and security teams find, validate, and remediate likely vulnerabilities in connected GitHub repositories.3[Install plugin in Codex App](https://chatgpt.com/plugins/share/676aca3811d54fa7bcdef5255236b3c4)
4 4
5This page covers Codex Security, the product that scans connected GitHub5For installation steps, supported skills, and review boundaries, see the
6repositories for likely security issues. For Codex sandboxing, approvals,6[Codex Security plugin guide](https://developers.openai.com/codex/security/plugin).
7
8### Explore plugin use cases
9
10- [Run a deep security scan](https://developers.openai.com/codex/use-cases/deep-security-scan) to perform a higher-recall repository-wide audit.
11- [Scan code changes for security](https://developers.openai.com/codex/use-cases/scan-code-changes-for-security) before you merge a pull request or branch.
12- [Remediate a vulnerability backlog](https://developers.openai.com/codex/use-cases/remediate-vulnerability-backlog) with bounded fixes for approved findings.
13
14The plugin runs in your Codex thread. Codex Security cloud scans connected
15GitHub repositories through Codex Web. For Codex sandboxing, approvals,
7network controls, and admin settings, see [Agent approvals &16network controls, and admin settings, see [Agent approvals &
8security](https://developers.openai.com/codex/agent-approvals-security).17security](https://developers.openai.com/codex/agent-approvals-security).
9 18
19## Codex Security cloud
20
21Codex Security cloud is currently in research preview. It scans connected
22GitHub repositories for likely security issues.
23
10It helps teams:24It helps teams:
11 25
121. **Find likely vulnerabilities** by using a repo-specific threat model and real code context.261. **Find likely vulnerabilities** by using a repo-specific threat model and real code context.
132. **Reduce noise** by validating findings before you review them.272. **Reduce noise** by validating findings before you review them.
143. **Move findings toward fixes** with ranked results, evidence, and suggested patch options.283. **Move findings toward fixes** with ranked results, evidence, and suggested patch options.
15 29
16## How it works30## How Codex Security cloud works
17 31
18Codex Security scans connected repositories commit by commit.32Codex Security scans connected repositories commit by commit.
19It builds scan context from your repo, checks likely vulnerabilities against that context, and validates high-signal issues in an isolated environment before surfacing them.33It builds scan context from your repo, checks likely vulnerabilities against that context, and validates high-signal issues in an isolated environment before surfacing them.
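Review bot: Under the renamed heading "How Codex Security cloud works" (new lines 30-33), the body still reads "Codex Security scans connected repositories commit by commit", so now that the page also covers the plugin it is unclear which product that sentence describes. Suggest "Codex Security cloud scans connected repositories commit by commit." to match the heading and new line 14. Separately, new line 3 replaces the only opening description of the product ("Codex Security helps engineering and security teams find, validate, and remediate likely vulnerabilities...") with a bare install link, so consider keeping a one-sentence description above the link. The "### Explore plugin use cases" heading at new line 8 also sits directly under the H1 with no H2 above it.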
24- validation evidence that helps reduce false positives38- validation evidence that helps reduce false positives
25- suggested fixes you can review in GitHub39- suggested fixes you can review in GitHub
26 40
27## Access and prerequisites41## Codex Security cloud access and prerequisites
28 42
29Codex Security works with connected GitHub repositories through Codex Web. OpenAI manages access. If you need access or a repository isn’t visible, contact your OpenAI account team and confirm the repository is available through your Codex Web workspace.43Codex Security is available for ChatGPT Enterprise, Edu, Business, and Pro users. It works with connected GitHub repositories through Codex Web. If you need access or a repository isn’t visible, confirm the repository is available through your Codex Web workspace or contact your OpenAI account team.
30 44
31## Related docs45## Related docs
32 46
33- [Codex Security setup](https://developers.openai.com/codex/security/setup) covers setup, scanning, and findings review.47- [Codex Security plugin guide](https://developers.openai.com/codex/security/plugin) covers local repository and diff-review workflows in Codex.
34- [FAQ](https://developers.openai.com/codex/security/faq) covers common product questions.48- [Codex Security cloud setup](https://developers.openai.com/codex/security/setup) covers setup, scanning, and findings review.
35- [Improving the threat model](https://developers.openai.com/codex/security/threat-model) explains how to tune scope, attack surface, and criticality assumptions.49- [Improving the threat model](https://developers.openai.com/codex/security/threat-model) explains how to tune scope, attack surface, and criticality assumptions.
50- [FAQ](https://developers.openai.com/codex/security/faq) covers common product questions.
36 51
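Review bot: In the access paragraph (new line 43), "Codex Security is available for ChatGPT Enterprise, Edu, Business, and Pro users" sits under a heading that now says "Codex Security cloud" but names the product without "cloud", so a reader cannot tell whether the plan list also applies to the plugin. Suggest naming the cloud product explicitly here. Since new line 21 says it is in research preview and the old sentence "OpenAI manages access" was dropped, it would also help to state whether being on one of the listed plans is enough on its own or whether access is still granted separately.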