Add CodeQL config file to only run the scan for production code#5231
Open
anupsdf wants to merge 1 commit intostellar:masterfrom
Open
Add CodeQL config file to only run the scan for production code#5231anupsdf wants to merge 1 commit intostellar:masterfrom
anupsdf wants to merge 1 commit intostellar:masterfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a CodeQL workflow plus a repository CodeQL configuration intended to focus scans on “production” source code and ignore tests / tooling directories.
Changes:
- Added a scheduled + manual CodeQL GitHub Actions workflow running CodeQL for C/C++, Rust, Python, and Actions.
- Added a CodeQL config file that restricts scanned paths to
src/and ignores many test and non-production directories.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
.github/workflows/codeql.yml |
Introduces the CodeQL scanning workflow and points it at the repo CodeQL config file. |
.github/codeql/codeql-config.yml |
Defines paths / paths-ignore to narrow CodeQL results to production-relevant areas. |
anupsdf
force-pushed
the
codeql
branch
2 times, most recently
from
31bb440 to
8775680
Compare
copilot suggestion fix copilot
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
what
Add CodeQL config file to only run the scan for production code.
why
So we can ignore non-production files in the scan and focus on the important ones.