Is there a way to exclude files from CodeQL scanning on GitHub

I had tried using paths-ignore, which I read about at https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning, but it didn't help since they don't determine what files will be analyzed when the git action runs. I also came across this article, https://josh-ops.com/posts/github-codeql-ignore-files/, that talks about using the filter-sarif action, but it isn't published to the marketplace. Any suggestions would be appreciated.

Arch answered 11/10, 2022 at 15:50 Comment(4)
Which programming language are you scanning (e.g. Java, Python, C++, ...)? For interpreted languages you can specify which directories to ignore. If I remember correctly the Java extractor might support exclusions as well, but I am not sure if you can set them for the GitHub code scanning action. Could you please also share what you have so far? - Hah
For compiled languages you can also influence which files are scanned by specifying a custom build command which only compiles a subset of all files. - Hah
@Hah JavaScript and Go. I created a yaml file that uses paths-ignore: and I call that yaml file by using config-file: . I also tried creating two different yaml files for each of the programming languages but I get the following error message for JavaScript: The process '/apps/ghe-actions/_work/_tool/CodeQL/0.0.0-20221010/x64/codeql/codeql' failed with exit code 2 - Arch
Might be good to post that at github.com/github/codeql-action/issues or github.com/github/codeql/discussions (not completely sure which fits better) and ask for help there. Also check if there is more information about the failure and have a look at the troubleshooting guide. In case your GitHub repository is public, could you please also add links to the failing workflows to your question? - Hah

You can do this by creating a codeql-config.yml file and referencing it in your GitHub workflow file.

workflow file

- uses: github/codeql-action/init@v3
  with:
    config-file: ./.github/codeql/codeql-config.yml

codeql-config.yml

paths:
 - 'src'
paths-ignore:
 - '**/*.test.js'
 - '**/*.test.ts'
 - '**/*.test.tsx'
 - '**/__tests__/**'

Richardson answered 5/8, 2024 at 16:16 Comment(0)
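
The question mentions filtering the SARIF output as an alternative when paths-ignore does not stop files from being analyzed. As an added example (not from the original posts and not the code of the filter-sarif action), this Python sketch drops results located only in ignored paths; the sample SARIF, the rule id and the simplified glob handling are assumptions.

```python
import json
import re

def glob_to_regex(pattern):
    """paths-ignore style glob: '**' may cross '/', a single '*' may not."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out, i = out + r"(?:.*/)?", i + 3
        elif pattern.startswith("**", i):
            out, i = out + r".*", i + 2
        elif pattern[i] == "*":
            out, i = out + r"[^/]*", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out + r"\Z")

def result_uris(result):
    """Yield every file URI a SARIF 2.1.0 result points at."""
    for loc in result.get("locations", []):
        uri = loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri")
        if uri:
            yield uri

def filter_sarif(sarif, ignore_globs):
    """Drop results whose locations are all in ignored paths; return (sarif, dropped)."""
    regexes = [glob_to_regex(g) for g in ignore_globs]
    dropped = 0
    for run in sarif.get("runs", []):  # note: edits the dict in place
        kept = []
        for res in run.get("results", []):
            uris = list(result_uris(res))
            if uris and all(any(r.match(u) for r in regexes) for u in uris):
                dropped += 1  # count what is hidden so it can be logged
            else:
                kept.append(res)  # results without a file location are kept
        run["results"] = kept
    return sarif, dropped

def sample_result(rule, uri):  # constructed sample data, not real CodeQL output
    return {"ruleId": rule, "locations": [
        {"physicalLocation": {"artifactLocation": {"uri": uri}}}]}

SAMPLE = {"version": "2.1.0", "runs": [{"results": [sample_result("js/sample-rule", u)
          for u in ("src/app.js", "src/app.test.js", "src/__tests__/util.js")]}]}
IGNORE = ["**/*.test.js", "**/*.test.ts", "**/*.test.tsx", "**/__tests__/**"]

if __name__ == "__main__":
    filtered, dropped = filter_sarif(SAMPLE, IGNORE)
    print(json.dumps(filtered, indent=2), f"\ndropped {dropped} result(s)")
```

Filtering this way suppresses alerts after analysis rather than skipping the files, so keep the patterns narrow and record the dropped count in the workflow log.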
