Skip to content

Add config section to CodeQL workflow with query filters and paths-ignore #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Add config section to CodeQL workflow with query filters and paths-ignore #9

wants to merge 4 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Sep 29, 2025
edited
Loading

Overview

This PR modifies the .github/workflows/codeql-analysis.yml file to add a config: section to the github/codeql-action/init@v3 action, enabling more granular control over CodeQL analysis.

Changes

Added Query Filters

The configuration now excludes specific queries that may generate noise in the analysis:

  • java/missing-call-to-super-finalize - Excludes finalize-related checks
  • java/unread-local-variable - Excludes unused variable warnings

Added Paths-Ignore

Test code is now excluded from CodeQL analysis to focus on production code:

  • **/test/** - Excludes test directories
  • **/tests/** - Excludes tests directories
  • **/*Test.java - Excludes test files following Maven naming convention (e.g., VulnerableApplicationTest.java)
  • **/*Tests.java - Excludes test files with plural naming

Configuration Format

The configuration is provided inline using the config: | parameter with YAML syntax:

config: |
  query-filters:
    - exclude:
        id: java/missing-call-to-super-finalize
    - exclude:
        id: java/unread-local-variable
  paths-ignore:
    - '**/test/**'
    - '**/tests/**'
    - '**/*Test.java'
    - '**/*Tests.java'

Benefits

  • Reduces noise from non-critical query results
  • Focuses analysis on production code rather than test code
  • Maintains the existing security-and-quality query suite while fine-tuning results
  • Uses standard Maven test file naming conventions for accurate path exclusion

Validation

  • ✅ YAML syntax validated
  • ✅ Test file patterns verified against actual repository structure
  • ✅ Compatible with CodeQL action v3
Original prompt

This section details on the original issue you should resolve

<issue_title>Modify the code scanning workflow file</issue_title>
<issue_description>Modify the .github/workflows/codeql-analysis.yml file.

add a config: section to the codeql-action/init action.

In that config section, add a couple of exclude query filters, as well as some paths-ignore</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes #8

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

Copilot AI changed the title [WIP] Modify the code scanning workflow file Add config section to CodeQL workflow with query filters and paths-ignore Sep 29, 2025
Copilot AI requested a review from mickeygousset September 29, 2025 23:08
Copilot finished work on behalf of mickeygousset September 29, 2025 23:08
@mickeygousset mickeygousset marked this pull request as ready for review September 29, 2025 23:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mickeygousset mickeygousset Awaiting requested review from mickeygousset

Assignees

@mickeygousset mickeygousset

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Modify the code scanning workflow file

2 participants

@mickeygousset