Visual Guide

Use this page when the site feels like a lot to unpack. The docs are deep on purpose; this page gives you the shortest visual route through them.

The path at a glance

SecurityRecipes is meant to be read as a loop:

  1. Find the right entry point.
  2. Run one small, reviewer-gated remediation PR.
  3. Turn the pattern into a security-operated workflow.
  4. Add MCP context, policy, and audit when the workflow needs to scale.

1. Start with the map

Visual map of the security-recipes.ai docs showing Start, Search, Pick, and Read across Quick Start, Agents, Prompt Library, MCP Servers, and Security Remediation.
Start with Quick Start, use search when you know the problem, then pick the section that matches your job.

If you are brand new, begin with Quick Start. If you already know the task, search directly for an agent, CVE, MCP connector, prompt, or workflow. The site is intentionally structured so you do not have to read everything before doing something useful.

2. Run one safe agent PR

Workflow showing Pick Agent, Add Rules, Draft PR, and Review for a first reviewer-gated remediation pull request.
Pick one agent, add the matching rules file, let it draft a PR, and keep a human reviewer in the merge path.

For the first run, choose the AI coding tool your team already has: GitHub Copilot, Devin, Cursor, Codex, or Claude. Copy the matching house-rules file from the agent recipe or prompt library, give the agent one small finding, and review the pull request like any other change.

3. Operate remediation as a workflow

Security operations workflow showing Intake, Gate, Sandbox, Evidence, and Review.
At scale, agentic remediation is a security-operated workflow with gates, sandboxing, evidence, and review.

Once one PR works, graduate to the Security Remediation section. The workflows there show how to decide which findings are eligible, what files the agent may touch, what evidence the run must produce, and where the agent must stop instead of guessing.

4. Use MCP as the context layer

Architecture view showing Agents, Recipes, MCP Server, Policy, Audit, and Scoped Tools.
MCP turns the site from static guidance into controlled, auditable context that agents can use at runtime.

The production shape is MCP-backed. Agents retrieve recipe context from the site or MCP server, policy narrows which tools they may call, scoped connectors reach enterprise systems, and audit records keep the run reviewable.

What to read next

  • Quick Start if you want the shortest path to a first PR.
  • Agents if you already know which AI tool your team uses.
  • Prompt Library if you need rules, skills, or prompts to copy into a repo.
  • MCP Servers if you need controlled context and enterprise connectors.
  • Security Remediation if you are designing the full security-operated workflow.