Skip to content

Enhance README with Docker and env variable instructions #26

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sylwia-budzynska merged 5 commits into from
Jan 13, 2026
Merged

Enhance README with Docker and env variable instructions #26

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
55b2c72
Enhance README with Docker and env variable instructions
sylwia-budzynska Jan 9, 2026
81448ec
Update README.md
sylwia-budzynska Jan 9, 2026
6f077f8
Update README.md
sylwia-budzynska Jan 9, 2026
c2c96f6
Update README.md
sylwia-budzynska Jan 13, 2026
3939295
Update README.md
sylwia-budzynska Jan 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 16 additions & 6 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,12 @@
## SecLab taskflows

This repository contains example taskflows to use with the [SecLab Taskflow Agent](https://github.com/GitHubSecurityLab/seclab-taskflow-agent), as well as the custom MCP servers that are needed to run the taskflows. To run these taskflows, first create a directory named `data` in `src`. Various environment variables need to be set for the custom MCP servers to store data.
This repository contains example taskflows to use with the [SecLab Taskflow Agent](https://github.com/GitHubSecurityLab/seclab-taskflow-agent), as well as the custom MCP servers that are needed to run the taskflows.

### Running with docker script

The recommended way of running the taskflows in this repo is by creating a codespace, and running the script [`run_seclab_agent.sh`](https://github.com/GitHubSecurityLab/seclab-taskflows/blob/main/src/run_seclab_agent.sh) to run a docker container of the `seclab-taskflow-agent` as outlined [here](https://github.com/GitHubSecurityLab/seclab-taskflow-agent/tree/main?tab=readme-ov-file#deploying-from-docker). Note that this script needs to be run from the `src` directory, and the `.env` file with the environment variables for the custom MCP servers to store data needs to be in the same directory.
Copy link
Contributor Author

@sylwia-budzynska sylwia-budzynska Jan 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The recommended way of running the taskflows in this repo is by creating a codespace, and running the script [`run_seclab_agent.sh`](https://github.com/GitHubSecurityLab/seclab-taskflows/blob/main/src/run_seclab_agent.sh) to run a docker container of the `seclab-taskflow-agent` as outlined [here](https://github.com/GitHubSecurityLab/seclab-taskflow-agent/tree/main?tab=readme-ov-file#deploying-from-docker). Note that this script needs to be run from the `src` directory, and the `.env` file with the environment variables for the custom MCP servers to store data needs to be in the same directory.
The recommended way of running the taskflows in this repo is either locally or by creating a codespace, and then running the script [`run_seclab_agent.sh`](https://github.com/GitHubSecurityLab/seclab-taskflows/blob/main/src/run_seclab_agent.sh) to run a docker container of the `seclab-taskflow-agent` as outlined [here](https://github.com/GitHubSecurityLab/seclab-taskflow-agent/tree/main?tab=readme-ov-file#deploying-from-docker). Note that this script needs to be run from the `src` directory, and the `.env` file with the environment variables for the custom MCP servers to store data needs to be in the same directory.

Copy link
Contributor Author

@sylwia-budzynska sylwia-budzynska Jan 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@p- @kevinbackhouse please see my comment.

In this case, we mention that the codespace option exists, so users are aware of it.


First, create a directory named `data` and a `.env` file in the `src` directory. For [`run_seclab_agent.sh`](https://github.com/GitHubSecurityLab/seclab-taskflows/blob/main/src/run_seclab_agent.sh) you can use:

```
MEMCACHE_STATE_DIR=/app/data
Expand All @@ -9,22 +15,26 @@ DATA_DIR=/app/data
LOG_DIR=/app/logs
```

The `MEMCACHE_STATE_DIR` is needed to persist some intermediate data in the memcache, `DATA_DIR` is needed for various mcp servers to store intermediate results, and `LOG_DIR` is used to store log files generated by the servers. These can be set in a `.env` file in the `src` directory.

If no environment variables are set for the custom MCP servers, relevant folders will be created automatically. The location depends on the platform, and is set by [`platformdirs`](https://pypi.org/project/platformdirs/).
The `MEMCACHE_STATE_DIR` is needed to persist some intermediate data in the memcache, `DATA_DIR` is needed for various mcp servers to store intermediate results, and `LOG_DIR` is used to store log files generated by the servers. These can be set in a `.env` file in the `src` directory. If no environment variables are set for the custom MCP servers, relevant folders will be created automatically. The location depends on the platform, and is set by [`platformdirs`](https://pypi.org/project/platformdirs/).

In addition, AI API endpoints and secrets also needs to be configured via [environment variables or Codespace secrets](https://github.com/GitHubSecurityLab/seclab-taskflow-agent?tab=readme-ov-file#configuration). In particular, the environment variables `AI_API_TOKEN` and `AI_API_ENDPOINT` needs to be set to the approach AI API endpoints and credentials. If not set, the default `AI_API_ENDPOINT` is GitHub models:
In addition, AI API endpoints and secrets also need to be configured via [environment variables or Codespace secrets](https://github.com/GitHubSecurityLab/seclab-taskflow-agent?tab=readme-ov-file#configuration). In particular, the environment variables `AI_API_TOKEN` and `AI_API_ENDPOINT` need to be set to the appropriate AI API endpoints and credentials. If not set, the default `AI_API_ENDPOINT` is GitHub models:

```
AI_API_ENDPOINT="https://models.github.ai/inference"
```

In addition, the `GH_TOKEN` environment variable also needs to be set to allow interaction with the GitHub API, such as fetching content, creating issues etc.

The repo provides a script [`run_seclab_agent.sh`](https://github.com/GitHubSecurityLab/seclab-taskflows/blob/main/src/run_seclab_agent.sh) to run a docker container of the `seclab-taskflow-agent` as outlined [here](https://github.com/GitHubSecurityLab/seclab-taskflow-agent/tree/main?tab=readme-ov-file#deploying-from-docker). Note that this script needs to be run from the `src` directory, and the `.env` file with the environmental variables needs to be in the same directory.

Individual taskflows may need additional setup, please refer to the `README.md` in the relevant subdirectories for further requirements.

After setting the relevant env vars, run an example taskflow with:

```bash
cd src
./run_seclab_agent.sh -t seclab_taskflows.taskflows.audit.ghsa_variant_analysis_demo -g repo=github/cmark-gfm -g ghsa=GHSA-c944-cv5f-hpvr
```

## Background

[SecLab Taskflows](https://github.com/GitHubSecurityLab/seclab-taskflows) is a companion repository to the [SecLab Taskflow Agent](https://github.com/GitHubSecurityLab/seclab-taskflow-agent) repository.
Expand Down