From 9b39be5051e8777186ce3d97427f46b7a2036092 Mon Sep 17 00:00:00 2001
From: Rex Lorenzo
Date: Tue, 12 May 2026 21:18:02 -0700
Subject: [PATCH] chore(codeql): exclude generated build artifacts from scanning

The Razor source generator and xUnit auto-entrypoint generator emit .g.cs files into obj/ that CodeQL ingests during autobuild, producing ~50 noise alerts (cs/missed-readonly-modifier on generated code that we do not author). Move to a config file and add paths-ignore for obj/ and bin/ so the alert list reflects code we can act on.
---
 .github/codeql/codeql-config.yml | 8 ++++++++
 .github/workflows/codeql.yml | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 .github/codeql/codeql-config.yml

diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
new file mode 100644
index 00000000..0b90158e
--- /dev/null
+++ b/.github/codeql/codeql-config.yml
@@ -0,0 +1,8 @@
+name: "VIPER CodeQL config"
+
+queries:
+ - uses: security-and-quality
+
+paths-ignore:
+ - "**/obj/**"
+ - "**/bin/**"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index dbb0bed2..4d5caa6e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -47,7 +47,7 @@ jobs:
 uses: github/codeql-action/init@v4.35.2
 with:
 languages: ${{ matrix.language }}
- queries: security-and-quality
+ config-file: ./.github/codeql/codeql-config.yml
 
 # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
 # If this step fails, then you should remove it and run the build manually (see below)
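Review bot: The `paths-ignore` globs `**/obj/**` and `**/bin/**` in the new codeql-config.yml match any directory with those names at any depth, not only MSBuild output. Hand-written code later committed under a `bin/` folder (scripts, for instance) would then drop out of the security queries with no signal, for every language in the matrix. I would put a comment above the list recording that assumption, e.g. `# obj/ and bin/ hold build output only in this repo; source placed under them is NOT scanned`. As far as I know, GitHub's documentation describes path filters as applying to analysis that does not build the code, and the commit message says these files are ingested during autobuild. So it is worth confirming on one run that the cs/missed-readonly-modifier alerts actually close.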
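Review bot: With `config-file: ./.github/codeql/codeql-config.yml` in codeql.yml, the query suite and the ignore list are read from a second file in the checked-out tree. A pull request that widens `paths-ignore` or drops the suite therefore changes what its own scan reports, without touching `.github/workflows/`. If CODEOWNERS or branch rules currently protect only the workflow directory (not visible in this patch), `.github/codeql/` should get the same protection. A comment on the line such as `# scan scope lives in this file; review changes to it like workflow changes` would make that visible. The step this hunk edits starts and ends outside the hunk, so I cannot confirm from here that checkout runs before init, which a local config path presumably relies on.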