An independent, evidence-based trust comparison of Codex and GitHub Copilot CLI, two Coding Agents projects in the HVTracker registry. Scores come from public, checkable signals — supply-chain provenance, OSSF Scorecard, maintenance, and adoption — not popularity.

| Signal | Codex (openai/codex) | GitHub Copilot CLI (github/copilot-cli) |
|---|---|---|
| HVTrust score | 97.5 | 96.3 |
| Evidence grade | A | A |
| Overall rank | #7 | #9 |
| Rank in Coding Agents | #2 | #3 |
| GitHub stars | 95.6k | 10.9k |
| Last updated | today | 1d ago |
| Build provenance | Yes | No |
| OSSF Scorecard | 6.7 / 10 | 5.4 / 10 |
| License | Apache-2.0 | NOASSERTION |
| Downloads | 10.9M/wk | — |
| Trust dimensions (points earned) | | |
| Safety / integrity / 25 | 20.9 | 7.7 |
| Identity & provenance / 20 | 18.0 | 10.8 |
| Transparency / 17 | 14.2 | 13.1 |
| Maintenance / 20 | 20.0 | 15.7 |
| Adoption / 20 | 20.0 | 9.7 |

How to read this: HVTrust (0–100) weighs supply-chain signals (provenance, OSSF Scorecard, signed commits, open license) alongside real-world adoption, scaled by an evidence-confidence factor. Grade bands: A ≥ 80, B ≥ 65, C ≥ 50, D < 50. Signals refresh daily. Full methodology: v4.1.