security/setup.md +97 −0 added
1# Codex Security setup
2
3This page walks you from initial access to reviewed findings and remediation pull requests in Codex Security.
4
5Confirm you've set up Codex Cloud first. If not, see [Codex
6 Cloud](https://developers.openai.com/codex/cloud) to get started.
7
8## 1. Access and environment
9
10Codex Security scans GitHub repositories connected through [Codex Cloud](https://developers.openai.com/codex/cloud).
11
12- Confirm your workspace has access to Codex Security.
13- Confirm the repository you want to scan is available in Codex Cloud.
14
15Go to [Codex environments](https://chatgpt.com/codex/settings/environments) and check whether the repository already has an environment. If it doesn't, create one there before continuing.
16
17[Open environments](https://chatgpt.com/codex/settings/environments)
18
19
20
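Review bot: the two confirmation bullets under "Access and environment" tell the reader to confirm workspace access and repository availability but not where either can be checked; point each at the settings page where it is visible, as the environment paragraph right below does for environments. Two smaller points in this region: the link text in the prerequisite paragraph is hard-wrapped across two lines (`[Codex` / ` Cloud](https://developers.openai.com/codex/cloud)`), which renders but trips some link checkers, so keep it on one line; and the two consecutive blank lines after the `[Open environments]` link (repeated after step 6, after the `[Review scans]` link and after the two-view list) look like stripped screenshot embeds, so either add the images with alt text or collapse them to a single blank line.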
21## 2. New security scan
22
23After the environment exists, go to [Create a security scan](https://chatgpt.com/codex/security/scans/new) and choose the repository you just connected.
24
25[Create a security scan](https://chatgpt.com/codex/security/scans/new)
26
27Codex Security scans repositories from newest commits backward first. It uses this to build and refresh scan context as new commits come in.
28
29To configure a repository:
30
311. Select the GitHub organization.
322. Select the repository.
333. Select the branch you want to scan.
344. Select the environment.
355. Choose a **history window**. Longer windows provide more context, but backfill takes longer.
366. Click **Create**.
37
38
39
40## 3. Initial scans can take a while
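Review bot: the history-window step never says what the window is measured in (commits, days, or something else), so the reader cannot weigh the "more context versus longer backfill" trade-off the step describes; state the unit and the default if there is one. The sentence "Codex Security scans repositories from newest commits backward first" also reads awkwardly, and "It uses this to build and refresh scan context" has an unclear antecedent; suggest "Codex Security scans the selected history window starting from the newest commit and working backward, and refreshes the scan context as new commits arrive."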
41
42When you create the scan, Codex Security first runs a commit-level security pass across the selected history window.
43The initial backfill can take a few hours, especially for larger repositories or longer windows.
44If findings aren't visible right away, this is expected. Wait for the initial scan to finish before opening a ticket or troubleshooting.
45
46Initial scan setup is automatic and thorough. This can take a few hours. Don’t
47 be alarmed if the first set of findings is delayed.
48
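Review bot: the closing paragraph of this section ("Initial scan setup is automatic and thorough. This can take a few hours. Don’t be alarmed if the first set of findings is delayed.") restates the preceding paragraph almost verbatim (a few hours, findings delayed, expected); keep one of the two. Also the curly apostrophe in "Don’t" is inconsistent with the straight quotes used everywhere else in the file ("you've", "doesn't", "aren't").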
49## 4. Review scans and improve the threat model
50
51[Review scans](https://chatgpt.com/codex/security/scans)
52
53
54
55When the initial scan finishes, open the scan and review the threat model that was generated.
56After initial findings appear, update the threat model so it matches your architecture, trust boundaries, and business context.
57This helps Codex Security rank issues for your team.
58
59If you want scan results to change, you can edit the threat model with your
60 updated scope, priorities, and assumptions.
61
62After initial findings appear, revisit the model so scan guidance stays aligned with current priorities.
63Keeping it current helps Codex Security produce better suggestions.
64
65For a deeper explanation of threat models and how they affect criticality and triage, see [Improving the threat model](https://developers.openai.com/codex/security/threat-model).
66
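Review bot: "After initial findings appear" opens two separate paragraphs in this section that make the same point (update the threat model so it reflects current architecture and priorities); merge them into one. "If you want scan results to change, you can edit the threat model" is also vaguer than the surrounding text, which says the threat model drives ranking and criticality; say that directly, e.g. "Editing the threat model's scope, priorities and assumptions changes how findings are ranked in later scans."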
67## 5. Review findings and patch
68
69After the initial backfill completes, review findings from the **Findings** view.
70
71[Open findings](https://chatgpt.com/codex/security/findings)
72
73You can use two views:
74
75- **Recommended Findings**: an evolving top 10 list of the most critical issues in the repo
76- **All Findings**: a sortable, filterable table of findings across the repository
77
78
79
80Click a finding to open its detail page, which includes:
81
82- a concise description of the issue
83- key metadata such as commit details and file paths
84- contextual reasoning about impact
85- relevant code excerpts
86- call-path or data-flow context when available
87- validation steps and validation output
88
89You can review each finding and create a PR directly from the finding detail page.
90
91[Review findings and create a PR](https://chatgpt.com/codex/security/findings)
92
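Review bot: the finding-detail list ends with "validation steps and validation output" without saying what is validated (that the finding reproduces, that a proposed patch resolves it), and the PR sentence does not say what the PR contains or which branch it targets; one sentence on each would complete the section. Minor: "Open findings" and "Review findings and create a PR" link to the same URL (https://chatgpt.com/codex/security/findings), so a single button is enough.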
93## Related docs
94
95- [Codex Security](https://developers.openai.com/codex/security) gives the product overview.
96- [FAQ](https://developers.openai.com/codex/security/faq) covers common questions.
97- [Improving the threat model](https://developers.openai.com/codex/security/threat-model) explains how to improve scan context and finding prioritization.