Codex Security

For installation steps, supported skills, and review boundaries, see the Codex Security plugin guide.

Explore plugin use cases

Run a deep security scan to perform a higher-recall repository-wide audit.
Scan code changes for security before you merge a pull request or branch.
Remediate a vulnerability backlog with bounded fixes for approved findings.

The plugin runs in your Codex thread. Codex Security cloud scans connected GitHub repositories through Codex Web. For Codex sandboxing, approvals, network controls, and admin settings, see Agent approvals & security.

Codex Security cloud

Codex Security cloud is currently in research preview. It scans connected GitHub repositories for likely security issues.

It helps teams:

Find likely vulnerabilities by using a repo-specific threat model and real code context.
Reduce noise by validating findings before you review them.
Move findings toward fixes with ranked results, evidence, and suggested patch options.

How Codex Security cloud works

Codex Security scans connected repositories commit by commit. It builds scan context from your repo, checks likely vulnerabilities against that context, and validates high-signal issues in an isolated environment before surfacing them.

You get a workflow focused on:

repo-specific context instead of generic signatures
validation evidence that helps reduce false positives
suggested fixes you can review in GitHub

Codex Security cloud access and prerequisites

Codex Security is available for ChatGPT Enterprise, Edu, Business, and Pro users. It works with connected GitHub repositories through Codex Web. If you need access or a repository isn't visible, confirm the repository is available through your Codex Web workspace or contact your OpenAI account team.

Codex Security plugin guide covers local repository and diff-review workflows in Codex.
Codex Security cloud setup covers setup, scanning, and findings review.
Improving the threat model explains how to tune scope, attack surface, and criticality assumptions.
FAQ covers common product questions.

security.md +11 −6

~~1# Security – Codex~~1# Codex Security

2 2

~~3[Install plugin in Codex App](https://chatgpt.com/plugins/share/676aca3811d54fa7bcdef5255236b3c4)~~3<CtaPillLink

4 href="https://chatgpt.com/plugins/share/676aca3811d54fa7bcdef5255236b3c4"

5 label="Install plugin in Codex App"

6 icon="external"

7 class="my-8"

8/>

4 9

5For installation steps, supported skills, and review boundaries, see the10For installation steps, supported skills, and review boundaries, see the

6[Codex Security plugin guide](https://developers.openai.com/codex/security/plugin).11[Codex Security plugin guide](https://developers.openai.com/codex/security/plugin).

12- [Remediate a vulnerability backlog](https://developers.openai.com/codex/use-cases/remediate-vulnerability-backlog) with bounded fixes for approved findings.17- [Remediate a vulnerability backlog](https://developers.openai.com/codex/use-cases/remediate-vulnerability-backlog) with bounded fixes for approved findings.

13 18

14The plugin runs in your Codex thread. Codex Security cloud scans connected19The plugin runs in your Codex thread. Codex Security cloud scans connected

~~15GitHub repositories through Codex Web. For Codex sandboxing, approvals,~~20 GitHub repositories through Codex Web. For Codex sandboxing, approvals,

~~16network controls, and admin settings, see [Agent approvals &~~21 network controls, and admin settings, see [Agent approvals &

~~17security](https://developers.openai.com/codex/agent-approvals-security).~~22 security](https://developers.openai.com/codex/agent-approvals-security).

18 23

19## Codex Security cloud24## Codex Security cloud

20 25

40 45

41## Codex Security cloud access and prerequisites46## Codex Security cloud access and prerequisites

42 47

43Codex Security is available for ChatGPT Enterprise, Edu, Business, and Pro users. It works with connected GitHub repositories through Codex Web. If you need access or a repository isn’t visible, confirm the repository is available through your Codex Web workspace or contact your OpenAI account team.48Codex Security is available for ChatGPT Enterprise, Edu, Business, and Pro users. It works with connected GitHub repositories through Codex Web. If you need access or a repository isn't visible, confirm the repository is available through your Codex Web workspace or contact your OpenAI account team.

44 49

45## Related docs50## Related docs

46 51