GitHub Security Lab developed an AI-powered framework called Taskflow Agent to automate vulnerability triage from code scanning alerts. By breaking down triage into structured YAML-defined tasks, LLMs identify patterns that traditional static analysis tools miss, such as custom authentication checks and sanitization logic. The system uses a multi-stage approach: information gathering, auditing for false positives, report generation, and validation. Since August, this approach has discovered approximately 30 real vulnerabilities in open source repositories by triaging CodeQL alerts for GitHub Actions and JavaScript XSS issues. The framework stores intermediate results in a database, delegates programmatic tasks to MCP servers, and creates GitHub Issues for human review, allowing researchers to incorporate repo-specific knowledge and improve accuracy over time.