Recipes

Move from a vulnerability signal to a reviewable action path. Exact CVE links open the matching source record and recommended workflows; broader searches help people and agents find the right audit, containment, or remediation recipe.

CVE intelligence + reviewed workflows

Find the vulnerability. Run the right workflow.

Start with a CVE, affected product, security finding, or desired outcome. Source evidence and human-reviewed action paths stay connected, so teams can move from “what is this?” to a bounded, verifiable change.

  1. 01FindIdentity, severity, exploitation, and affected surface
  2. 02ActMatched intake, audit, containment, and remediation workflows
  3. 03ProveRequired evidence, verification, rollback, and stop conditions
Connect through MCP
Unique entries
266,410
Curated workflows
167
Scored CVEs
266,251
CISA known exploited
1,421

Showing 18 of 167 curated recipes.

Dense list view
Code Hygienedevelopmentworld-class 100

.NET async cancellation and fire-and-forget lifecycle

Bounded audit or remediation to propagate CancellationToken and observe every Task failure.

  • code hygiene
  • audit
  • remediation
code-hygiene.dotnet.dotnet-async-cancellation-and-fire-and-forgetdotnet/nugetgpt-5-codex
Open
Code Hygienedevelopmentworld-class 100

.NET disposable and async-disposable lifecycle

Bounded audit or remediation to dispose synchronous and asynchronous resources exactly once after their final use.

  • code hygiene
  • audit
  • remediation
code-hygiene.dotnet.dotnet-disposable-and-async-disposable-lifecycledotnet/nugetgpt-5-codex
Open
Code Hygienedevelopmentworld-class 100

.NET LINQ enumeration and EF query boundaries

Bounded audit or remediation to avoid repeated enumeration, client evaluation, N+1 loading, and leaked query lifetimes.

  • code hygiene
  • audit
  • remediation
code-hygiene.dotnet.dotnet-linq-enumeration-and-ef-query-boundariesdotnet/nugetgpt-5-codex
Open
Code Hygienedevelopmentworld-class 100

.NET nullable and analyzer suppression debt

Bounded audit or remediation to resolve nullable and analyzer warnings without null-forgiving or pragma expansion.

  • code hygiene
  • audit
  • remediation
code-hygiene.dotnet.dotnet-nullable-and-analyzer-suppression-debtdotnet/nugetgpt-5-codex
Open
Code Hygienedevelopmentworld-class 100

C and C++ atomic, lock, and thread lifecycle

Bounded audit or remediation to remove data races, lock-order hazards, and detached thread lifetimes.

  • code hygiene
  • audit
  • remediation
code-hygiene.c-cpp.c-cpp-atomic-lock-and-thread-lifecyclec-cpp/cmakegpt-5-codex
Open
Code Hygienedevelopmentworld-class 100

C and C++ bounds, integer, and undefined-behavior hygiene

Bounded audit or remediation to remove unchecked bounds, lossy arithmetic, lifetime, and undefined-behavior hazards.

  • code hygiene
  • audit
  • remediation
code-hygiene.c-cpp.c-cpp-bounds-integer-and-undefined-behaviorc-cpp/cmakegpt-5-codex
Open
Code Hygienedevelopmentworld-class 100

C and C++ compiler warning and suppression debt

Bounded audit or remediation to resolve portable compiler diagnostics without blanket flags or pragmas.

  • code hygiene
  • audit
  • remediation
code-hygiene.c-cpp.c-cpp-compiler-warning-and-suppression-debtc-cpp/cmakegpt-5-codex
Open
Code Hygienedevelopmentworld-class 100

C and C++ const, span, view, and lifetime hygiene

Bounded audit or remediation to make mutation and non-owning view lifetimes explicit.

  • code hygiene
  • audit
  • remediation
code-hygiene.c-cpp.c-cpp-const-span-view-and-lifetime-hygienec-cpp/cmakegpt-5-codex
Open
Code Hygienedevelopmentworld-class 100

C and C++ ownership, RAII, and resource lifecycle

Bounded audit or remediation to make memory, file, socket, lock, and handle ownership explicit.

  • code hygiene
  • audit
  • remediation
code-hygiene.c-cpp.c-cpp-ownership-raii-and-resource-lifecyclec-cpp/cmakegpt-5-codex
Open
Code Hygienedevelopmentworld-class 100

CI workflow timeout, concurrency, and cache hygiene

Bounded audit or remediation to bound CI jobs and prevent stale caches and duplicate workflow races.

  • code hygiene
  • audit
  • remediation
code-hygiene.platform.ci-workflow-timeout-concurrency-and-cache-hygieneci/workflowsgpt-5-codex
Open
Complianceinfoworld-class 100

CIS Controls v8.1 Safeguard Implementation Evidence Check

Organizations using the CIS Controls and Implementation Groups to prioritize a defensible baseline security program.

  • audit
  • compliance
  • risk
CIS Controls v8.1gpt-5-codex
Open
Complianceinfoworld-class 95

CISA Cross-Sector Cybersecurity Performance Goals Evidence Check

Critical infrastructure owners and operators prioritizing a voluntary baseline of high-impact cybersecurity practices while CISA updates the CPGs for CSF 2.0.

  • audit
  • compliance
CISA Cross-Sector CPGsgpt-5-codex
Open
Complianceinfoworld-class 95

CJIS Security Policy v6.1 Evidence Check

Criminal justice agencies, noncriminal justice agencies, and service providers handling Criminal Justice Information under applicable agreements.

  • audit
  • compliance
CJIS Security Policy v6.1gpt-5-codex
Open
Complianceinfoworld-class 95

CMMC 2.0 Evidence Readiness Check

Defense contractors and subcontractors whose solicitations or contracts specify a CMMC level and assessment requirement for FCI or CUI.

  • audit
  • compliance
CMMC 2.0gpt-5-codex
Open
Complianceinfoworld-class 100

COBIT 2019 Governance System Evidence Check

Enterprises designing, evaluating, or improving governance of information and technology using COBIT 2019.

  • audit
  • compliance
  • risk
COBIT 2019gpt-5-codex
Open
Code Hygienedevelopmentworld-class 100

Complexity and long-function reduction

Bounded audit or remediation to reduce hard-to-review control flow without changing behavior.

  • code hygiene
  • audit
  • remediation
code-hygiene.cross-language.complexity-and-long-function-reductionmulti-languagegpt-5-codex
Open
Code Hygienedevelopmentworld-class 100

Configuration validation and default hygiene

Bounded audit or remediation to make invalid configuration fail clearly and defaults behave consistently.

  • code hygiene
  • audit
  • remediation
code-hygiene.cross-language.configuration-validation-and-default-hygienemulti-languagegpt-5-codex
Open
Code Hygienedevelopmentworld-class 100

Container signal, healthcheck, and shutdown hygiene

Bounded audit or remediation to make PID 1 signal handling, readiness, health, and graceful shutdown correct.

  • code hygiene
  • audit
  • remediation
code-hygiene.platform.container-signal-healthcheck-and-shutdowncontainers/ocigpt-5-codex
Open

Use recipes safely

Recipes guide people and agents; they do not enforce policy.

  1. Match the recipe to one finding or evidence question.
  2. Read its inputs, scope, guardrails, and stop conditions before acting.
  3. Adapt repository-specific build, test, branch, and ownership details.
  4. Start with a small change, verify the output contract, and require human review.

Back recipes with scoped credentials, branch protections, CODEOWNERS, and required CI. Never treat generated remediation as proof that a system is safe.

For agents and integrations

Use the curated JSON feed for workflow discovery and the dedicated CVE catalog tools for exact or filtered vulnerability lookup. MCP access should remain read-only unless the task explicitly authorizes a specific write.

Use approved MCP servers as read-only evidence.
Do not create tickets, push branches, rotate secrets, deploy changes, or alter
cloud resources through MCP unless this task explicitly grants that permission.

Maintainers can run recipes_quality_report through MCP to find recipes that need stronger inputs, output contracts, verification, or guardrails.

Contribute

Contributions can add workflows, evidence checks, toolsets, templates, or reviewed CVE overrides. Remove secrets, internal hostnames, customer data, and private vulnerability details first, then follow the contribution process.