Skip to content

Add config section to CodeQL workflow with query filters and paths-ignore#9

Open
Copilot wants to merge 4 commits intomainfrom
copilot/fix-ea738f73-d28f-44bc-a427-efe25392b2dd
Open

Add config section to CodeQL workflow with query filters and paths-ignore#9
Copilot wants to merge 4 commits intomainfrom
copilot/fix-ea738f73-d28f-44bc-a427-efe25392b2dd

Conversation

Copy link
Contributor

Copilot AI commented Sep 29, 2025
edited
Loading

Overview

This PR modifies the .github/workflows/codeql-analysis.yml file to add a config: section to the github/codeql-action/init@v3 action, enabling more granular control over CodeQL analysis.

Changes

Added Query Filters

The configuration now excludes specific queries that may generate noise in the analysis:

  • java/missing-call-to-super-finalize - Excludes finalize-related checks
  • java/unread-local-variable - Excludes unused variable warnings

Added Paths-Ignore

Test code is now excluded from CodeQL analysis to focus on production code:

  • **/test/** - Excludes test directories
  • **/tests/** - Excludes tests directories
  • **/*Test.java - Excludes test files following Maven naming convention (e.g., VulnerableApplicationTest.java)
  • **/*Tests.java - Excludes test files with plural naming

Configuration Format

The configuration is provided inline using the config: | parameter with YAML syntax:

config: |
  query-filters:
    - exclude:
        id: java/missing-call-to-super-finalize
    - exclude:
        id: java/unread-local-variable
  paths-ignore:
    - '**/test/**'
    - '**/tests/**'
    - '**/*Test.java'
    - '**/*Tests.java'

Benefits

  • Reduces noise from non-critical query results
  • Focuses analysis on production code rather than test code
  • Maintains the existing security-and-quality query suite while fine-tuning results
  • Uses standard Maven test file naming conventions for accurate path exclusion

Validation

  • ✅ YAML syntax validated
  • ✅ Test file patterns verified against actual repository structure
  • ✅ Compatible with CodeQL action v3
Original prompt

This section details on the original issue you should resolve

<issue_title>Modify the code scanning workflow file</issue_title>
<issue_description>Modify the .github/workflows/codeql-analysis.yml file.

add a config: section to the codeql-action/init action.

In that config section, add a couple of exclude query filters, as well as some paths-ignore</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes #8

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

Copilot AI and others added 3 commits September 29, 2025 23:03
@mickeygousset
Add config section to CodeQL workflow with query filters and paths-ig…
c5fce6c 
…nore

Co-authored-by: mickeygousset <20031479+mickeygousset@users.noreply.github.com>
@mickeygousset
Add documentation comments to CodeQL config section
78bf8bc 
Co-authored-by: mickeygousset <20031479+mickeygousset@users.noreply.github.com>
@mickeygousset
Fix test file pattern to match Maven naming convention
69ef614 
Co-authored-by: mickeygousset <20031479+mickeygousset@users.noreply.github.com>
Copilot AI changed the title [WIP] Modify the code scanning workflow file Add config section to CodeQL workflow with query filters and paths-ignore Sep 29, 2025
Copilot AI requested a review from mickeygousset September 29, 2025 23:08
@mickeygousset mickeygousset marked this pull request as ready for review September 29, 2025 23:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mickeygousset mickeygousset Awaiting requested review from mickeygousset

Assignees

@mickeygousset mickeygousset

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Modify the code scanning workflow file

2 participants

@mickeygousset