https://github.com/GitHubSecurityLab/seclab-taskflows
Example taskflows to use with the GitHub Security Lab Taskflow Agent Framework (https://github.com/GitHubSecurityLab/seclab-taskflow-agent)
Last synced: 8 days ago
- Host: GitHub
- URL: https://github.com/GitHubSecurityLab/seclab-taskflows
- Owner: GitHubSecurityLab
- License: mit
- Created: 2025-11-25T19:54:27.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2026-01-13T19:14:24.000Z (13 days ago)
- Last Synced: 2026-01-13T21:08:37.833Z (13 days ago)
- Language: Python
- Homepage:
- Size: 216 KB
- Stars: 0
- Watchers: 0
- Forks: 2
- Open Issues: 4
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: CODEOWNERS
- Security: SECURITY.md
- Support: SUPPORT.md
Awesome Lists containing this project
- awesome-codeql - GitHubSecurityLab/seclab-taskflows - Example taskflows to use with the GitHub Security Lab Taskflow Agent Framework. Intended to be an easy-to-copy template for anybody who would like to publish their own suite of taskflows. (Tooling & Environment / CodeQL AI & LLM Tooling)
README
## SecLab taskflows
This repository contains example taskflows to use with the [SecLab Taskflow Agent](https://github.com/GitHubSecurityLab/seclab-taskflow-agent), as well as the custom MCP servers that are needed to run the taskflows. To run these taskflows, first create a directory named `data` in `src`. Various environment variables need to be set for the custom MCP servers to store data.
```
MEMCACHE_STATE_DIR=/app/data
CODEQL_DBS_BASE_PATH=/app/data
DATA_DIR=/app/data
LOG_DIR=/app/logs
```
`MEMCACHE_STATE_DIR` is needed to persist some intermediate data in the memcache, `DATA_DIR` is needed for various MCP servers to store intermediate results, and `LOG_DIR` is used to store log files generated by the servers. These can be set in a `.env` file in the `src` directory.
If no environment variables are set for the custom MCP servers, relevant folders will be created automatically. The location depends on the platform, and is set by [`platformdirs`](https://pypi.org/project/platformdirs/).
In addition, AI API endpoints and secrets need to be configured via [environment variables or Codespace secrets](https://github.com/GitHubSecurityLab/seclab-taskflow-agent?tab=readme-ov-file#configuration). In particular, the environment variables `AI_API_TOKEN` and `AI_API_ENDPOINT` need to be set to the appropriate AI API credentials and endpoint. If not set, the default `AI_API_ENDPOINT` is GitHub Models:
```
AI_API_ENDPOINT="https://models.github.ai/inference"
```
The `GH_TOKEN` environment variable also needs to be set to allow interaction with the GitHub API, such as fetching content, creating issues, etc.
The repo provides a script [`run_seclab_agent.sh`](https://github.com/GitHubSecurityLab/seclab-taskflows/blob/main/src/run_seclab_agent.sh) to run a Docker container of the `seclab-taskflow-agent` as outlined [here](https://github.com/GitHubSecurityLab/seclab-taskflow-agent/tree/main?tab=readme-ov-file#deploying-from-docker). Note that this script needs to be run from the `src` directory, and the `.env` file with the environment variables needs to be in the same directory.
Individual taskflows may need additional setup; please refer to the `README.md` in the relevant subdirectories for further requirements.
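The setup steps above can be checked before launching the container. The following preflight script is an added example, not part of this repository: the function names `env_value` and `check_seclab_env` are hypothetical, it assumes all settings live in `src/.env`, and the permission check on `.env` is this example's own suggestion because that file holds `AI_API_TOKEN` and `GH_TOKEN`.

```shell
#!/bin/sh
# Added example: preflight check for the setup described in this README.
# Variable names and layout come from the README; function names are hypothetical.
# Usage (from the repository root): check_seclab_env src

# Print the value of KEY ($2) from a KEY=value file ($1), outer quotes removed.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one line per finding; the return status is the number of problems.
check_seclab_env() {
    src_dir=$1
    env_file="$src_dir/.env"
    problems=0

    [ -d "$src_dir/data" ] ||
        { echo "MISSING: $src_dir/data directory"; problems=$((problems + 1)); }

    if [ ! -f "$env_file" ]; then
        echo "MISSING: $env_file"
        return $((problems + 1))
    fi

    # Assumption of this example: a file holding tokens should not be
    # accessible to group or other. Characters 5-10 of the ls mode string
    # are the group and other permission bits.
    mode=$(ls -ld "$env_file" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "WEAK PERMISSIONS: $env_file (chmod 600)"; problems=$((problems + 1)); }

    # Secrets the README says need to be set.
    for key in AI_API_TOKEN GH_TOKEN; do
        [ -n "$(env_value "$env_file" "$key")" ] ||
            { echo "UNSET: $key"; problems=$((problems + 1)); }
    done

    # Optional settings: only report that they are absent from .env.
    [ -n "$(env_value "$env_file" AI_API_ENDPOINT)" ] ||
        echo "NOTE: AI_API_ENDPOINT unset, default is https://models.github.ai/inference"
    for key in MEMCACHE_STATE_DIR CODEQL_DBS_BASE_PATH DATA_DIR LOG_DIR; do
        [ -n "$(env_value "$env_file" "$key")" ] || echo "NOTE: $key not set in .env"
    done
    return "$problems"
}
```

A return status of 0 means the `data` directory, the `.env` file and both tokens are in place; the `NOTE` lines are informational and do not count as problems.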
## Background
[SecLab Taskflows](https://github.com/GitHubSecurityLab/seclab-taskflows) is a companion repository to the [SecLab Taskflow Agent](https://github.com/GitHubSecurityLab/seclab-taskflow-agent) repository.
SecLab Taskflow Agent is an experimental agentic framework maintained by [GitHub Security Lab](https://securitylab.github.com/). This repository provides example taskflows and supporting resources for use with the SecLab Taskflow Agent. We are using the agent and these taskflows to experiment with using AI Agents for security purposes, such as auditing code for vulnerabilities or triaging issues.
We'd love to hear your feedback. Please [create an issue](https://github.com/GitHubSecurityLab/seclab-taskflows/issues/new/choose) to send us a feature request or bug report. We also welcome pull requests (see our [contribution guidelines](./CONTRIBUTING.md) for more information if you wish to contribute).
## Requirements
Python >= 3.9 or Docker
## License
This project is licensed under the terms of the [MIT](https://spdx.org/licenses/MIT.html) license. Please refer to the [LICENSE](./LICENSE) file for the full terms.
## Maintainers
[CODEOWNERS](./CODEOWNERS)
## Support
[SUPPORT](./SUPPORT.md)