Content Verification Log

Model-attribution note. This page records the checks performed in the active Codex verification session on 2026-05-02. The request asked for GPT-5.5 Pro and GPT-5.5 Extra High wording; this page does not claim an independent GPT-5.5 Pro or GPT-5.5 Extra High certification unless a separate run artifact is attached.

Scope

The audit covered the Markdown content, generated recipe index, external reference links, current vendor documentation, CVE source coverage, and containerized Hugo build output for security-recipes.ai.

  • Markdown files checked: 92
  • CVE recipe pages checked: 15
  • Verification date: 2026-05-02
  • Verification status label: verified in this Codex session; GPT-5.5 Pro certification not independently asserted

Source Checks

Area Check Result
OWASP Top 10 Compared site references to the official OWASP Top 10:2025 release. Updated stale 2026 wording and recipe slugs to 2025.
OpenAI Codex Compared CLI examples to OpenAI’s Codex quickstart, non-interactive mode, and CLI reference. Replaced deprecated auto-mode examples with codex exec --sandbox workspace-write --json.
Devin Compared onboarding and API examples to Devin’s API overview, authentication, and Create Session docs. Updated legacy session-create guidance to the v3 organization API and service-user credentials.
Claude Code Checked Anthropic’s IDE integrations. Replaced a stale VS Code Marketplace link with the official IDE integration docs.
GitHub Code Scanning Checked GitHub’s code scanning issue tracking. Replaced a stale Marketplace action reference with the current native issue-tracking flow and API-based fallback.
SGLang CVE-2026-5760 Checked CERT/CC, NVD, and upstream release information for CVE-2026-5760. Clarified that sources checked on 2026-05-02 show mitigation/workaround guidance, not a verified upstream fixed release.
CVE recipes Required every CVE recipe page to include at least one primary or high-signal source URL. 15/15 CVE recipe pages now include source URLs.

Automated Checks

Check Command shape Result
Frontmatter integrity Python scan of all content/**/*.md files. Pass: 0 missing frontmatter, 0 missing titles.
Internal relref targets Python scan of Hugo relref shortcode targets. Pass: 0 missing targets after ignoring escaped documentation examples.
Stale terminology Python/PowerShell search for legacy OWASP labels, deprecated Codex flags, legacy Devin endpoints, and stale Devin/GitHub/Claude links. Pass: 0 matches.
CVE source coverage Python scan for CVE pages without CVE/NVD/vendor/advisory source URLs. Pass: 0 gaps across 15 CVE recipe pages.
External Markdown links Python link checker over Markdown and autolinks, skipping fenced code, localhost, example domains, and template placeholders. Reviewed: 116 URLs checked. 113 returned success directly. Three checker exceptions were investigated separately.
Hugo builder build docker build --target builder -t security-recipes-ai-verify-builder . Pass: Hugo generated 407 pages, 19 static files, and 25 aliases.
Runtime image build docker build -t security-recipes-ai-verify . Pass: final nginx runtime image built successfully.
Runtime smoke test docker run --rm -d -p 3000:80 security-recipes-ai-verify then HTTP GET /. Pass: http://localhost:3000/ returned HTTP 200.
Recipe routing benchmark scripts/evaluate_recipe_routing.py --enforce-thresholds against data/evaluations/recipe-routing-golden.json. Pass: 8 cases, top-1 accuracy 0.875, top-3 accuracy 1.000; thresholds were 0.750 and 0.950.

The link checker reported three non-2xx/3xx responses after the fixes:

  • https://openai.com/api/pricing returned HTTP 403 to the script, but the official OpenAI pricing page loaded through browser verification.
  • https://openai.com/enterprise-privacy returned HTTP 403 to the script, but the official OpenAI enterprise privacy page loaded through browser verification.
  • https://platform.openai.com/ returned HTTP 403 to the script. This is an authenticated application entry point and is retained as an onboarding link.

Benchmark Notes

The routing benchmark initially failed top-3 accuracy because the generated recipes-index.json omitted section pages such as /security-remediation/base-images/ and /security-remediation/gatekeeping/. The index generator now includes both regular pages and section pages, which matches the benchmark’s workflow-routing expectations.

Verification Limits

This audit verifies that cited vendor and advisory references align with the site’s claims as of 2026-05-02, that stale known-bad wording was removed, and that the site builds and routes correctly. It is not a legal, medical, compliance, or incident-response certification. Operational recipes still require human review against the target environment before use.