Automating Code Quality and Security Fixes with Codex CLI in GitLab

Introduction

When deploying production code, most teams rely on CI/CD pipelines to validate changes before merging. Reviewers typically look at unit test results, vulnerability scans, and code quality reports. Traditionally, these are produced by rule-based engines that catch known issues but often miss contextual or higher-order problems—while leaving developers with noisy results that are hard to prioritize or act on.

With LLMs, you can add a new layer of intelligence to this process: reasoning about code quality and interpreting security findings. By augmenting your GitLab pipelines with OpenAI’s Codex CLI, teams gain insights that go beyond static rules:

  • Code Quality → Generate GitLab-compliant CodeClimate JSON reports that surface contextual issues directly in merge requests.

  • Security → Post-process existing SAST results to consolidate duplicates, rank issues by exploitability, and provide clear, actionable remediation steps.

This guide shows how to integrate Codex CLI into a GitLab pipeline for both use cases—delivering structured, machine-readable reports alongside actionable, human-readable guidance.
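The two report shapes the bullets above refer to are concrete JSON formats, and it helps to see both handled in one place before wiring a model into the pipeline. The following is an added example, not code from this cookbook or from the Codex CLI project: it reads a GitLab SAST report (the `gl-sast-report.json` structure, reduced to the fields used here, with constructed sample findings), consolidates duplicate findings that several scanners reported at the same file, line and CWE, ranks them by severity, and emits the CodeClimate subset GitLab accepts as a Code Quality artifact. The validator at the end is the check worth running on any model-generated report before it is handed to `artifacts:reports:codequality`, since a single malformed entry makes GitLab discard the whole report. The function names and the severity mappings are this example's own choices.

```python
import hashlib
import json

# Constructed sample in the shape of a GitLab SAST report (gl-sast-report.json),
# reduced to the fields this example uses. All values are made up for illustration.
SAMPLE_SAST_REPORT = {
    "version": "15.0.0",
    "vulnerabilities": [
        {"id": "a1", "name": "Use of eval", "severity": "High",
         "scanner": {"id": "semgrep"},
         "location": {"file": "app/views.py", "start_line": 42},
         "identifiers": [{"type": "cwe", "value": "95"}]},
        # Same defect, reported again by a second scanner at a lower severity.
        {"id": "a2", "name": "Use of eval", "severity": "Medium",
         "scanner": {"id": "bandit"},
         "location": {"file": "app/views.py", "start_line": 42},
         "identifiers": [{"type": "cwe", "value": "95"}]},
        {"id": "a3", "name": "Hardcoded password", "severity": "Low",
         "scanner": {"id": "bandit"},
         "location": {"file": "config/settings.py", "start_line": 7},
         "identifiers": [{"type": "cwe", "value": "798"}]},
    ],
}

# GitLab SAST severities, most severe first.
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Info": 4, "Unknown": 5}
# Mapping onto the five severities the Code Quality (CodeClimate) format allows.
SAST_TO_CODECLIMATE = {"Critical": "blocker", "High": "critical", "Medium": "major",
                       "Low": "minor", "Info": "info", "Unknown": "info"}


def consolidate_findings(report):
    """Merge findings that share file, line and CWE, keep the highest severity,
    and record every scanner that reported them. Returns a list sorted by
    severity (most severe first), then path and line."""
    merged = {}
    for v in report["vulnerabilities"]:
        loc = v["location"]
        cwe = next((i["value"] for i in v.get("identifiers", []) if i.get("type") == "cwe"), None)
        key = (loc["file"], loc.get("start_line"), cwe)
        entry = merged.setdefault(key, {
            "name": v["name"], "path": loc["file"], "line": loc.get("start_line"),
            "cwe": cwe, "severity": v["severity"], "scanners": set(), "ids": [],
        })
        entry["scanners"].add(v["scanner"]["id"])
        entry["ids"].append(v["id"])
        if SEVERITY_RANK.get(v["severity"], 5) < SEVERITY_RANK.get(entry["severity"], 5):
            entry["severity"] = v["severity"]
    result = sorted(merged.values(),
                    key=lambda e: (SEVERITY_RANK.get(e["severity"], 5), e["path"], e["line"] or 0))
    for e in result:
        e["scanners"] = sorted(e["scanners"])
    return result


def to_codeclimate(findings):
    """Emit the subset of the CodeClimate format GitLab reads as a Code Quality report."""
    out = []
    for f in findings:
        # A stable fingerprint lets GitLab diff reports between pipelines.
        fingerprint = hashlib.sha256(f"{f['path']}:{f['line']}:{f['cwe']}".encode()).hexdigest()
        out.append({
            "description": f"{f['name']} (CWE-{f['cwe']}) reported by {', '.join(f['scanners'])}",
            "check_name": f"cwe-{f['cwe']}" if f["cwe"] else "sast",
            "fingerprint": fingerprint,
            "severity": SAST_TO_CODECLIMATE.get(f["severity"], "info"),
            "location": {"path": f["path"], "lines": {"begin": f["line"] or 1}},
        })
    return out


REQUIRED = ("description", "check_name", "fingerprint", "severity", "location")
VALID_SEVERITIES = {"info", "minor", "major", "critical", "blocker"}


def validate_codeclimate(entries):
    """Return a list of problems; an empty list means every entry has the fields
    GitLab's Code Quality parser requires and no fingerprint is duplicated."""
    problems = []
    seen = set()
    for i, e in enumerate(entries):
        for k in REQUIRED:
            if k not in e:
                problems.append(f"entry {i}: missing {k}")
        if e.get("severity") not in VALID_SEVERITIES:
            problems.append(f"entry {i}: bad severity {e.get('severity')!r}")
        loc = e.get("location", {})
        if "path" not in loc or "begin" not in loc.get("lines", {}):
            problems.append(f"entry {i}: location needs path and lines.begin")
        fp = e.get("fingerprint")
        if fp in seen:
            problems.append(f"entry {i}: duplicate fingerprint {fp}")
        seen.add(fp)
    return problems


if __name__ == "__main__":
    findings = consolidate_findings(SAMPLE_SAST_REPORT)
    report = to_codeclimate(findings)
    assert validate_codeclimate(report) == []
    print(json.dumps(report, indent=2))
```

In a pipeline job this would read the real `gl-sast-report.json` from the SAST stage and write the validated output to the path declared under `artifacts:reports:codequality`; the same `validate_codeclimate` check applies unchanged to a report a model produced, which is the point at which a hallucinated severity value or a missing `fingerprint` should fail the job rather than silently empty the merge request widget.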

What is Codex CLI?

Codex CLI is an open-source command-line tool for bringing OpenAI’s reasoning models into your development workflow. For installation, usage, and full documentation, refer to the official repository: github.com/openai/codex.

In this cookbook, we’ll use Full Auto mode in an ephemeral GitLab runner to generate a standards-compliant JSON report.

Pre-requisites

To follow along, you’ll need:

  • A GitLab account and project
  • A GitLab runner with internet access (we’ve tested this on a Linux runner with 2 vCPUs, 8 GB of memory and 30 GB of storage)
  • The runner must be able to reach api.openai.com
  • An OpenAI API key (OPENAI_API_KEY)
  • GitLab CI/CD variables configur