
paths-ignore doesn't seem to work

Open huangminchn opened this issue 2 years ago • 8 comments

Hi team,

I added a customized config file to ask for ignoring 3 files: https://github.com/linkedin/venice/pull/238/commits/3ee4b75e05d10ea485854b9206e883fd813a24b0 but it appears that CodeQL still scans them and reports; am I doing anything wrong here? Any help will be highly appreciated!

Thanks!

huangminchn, Mar 16 '23 00:03

I'm afraid that setting only takes effect for languages that scan for all files in your repository (JavaScript, Python, Ruby (see https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning#specifying-directories-to-scan)). Java analysis works by following along with your build process, so if you want to exclude particular files from analysis you need to specify a build process that does not build those files.

smowton, Mar 16 '23 09:03

Another approach is to use the advanced-security/filter-sarif Action to filter out results before reporting them.

aibaars, Mar 20 '23 15:03
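Putting the two answers together, as an added example that is not from the issue thread or from the codeql-action project: a config file whose `paths-ignore` is honoured for the interpreted languages, plus a Java workflow that writes the SARIF to disk, post-filters it with advanced-security/filter-sarif, and only then uploads it. The directory names under `paths-ignore` and in the filter patterns are placeholders, not the files from the linked pull request.

```yaml
# File 1: .github/codeql/codeql-config.yml
# paths-ignore only affects languages CodeQL extracts by walking the checkout
# (JavaScript, Python, Ruby); the Java extractor follows the build instead.
name: "Custom CodeQL config"
paths-ignore:
  - generated/**          # placeholder paths, not the issue's real files
  - scripts/vendor/**

# File 2: .github/workflows/codeql.yml
name: CodeQL
on: [push, pull_request]
permissions:
  actions: read
  contents: read
  security-events: write
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with:
          languages: java
          config-file: ./.github/codeql/codeql-config.yml
      # Autobuild compiles the whole project, so every Java file the build
      # touches is analysed regardless of paths-ignore.
      - uses: github/codeql-action/autobuild@v2
      # Write the SARIF to sarif-results/java.sarif instead of uploading it.
      - uses: github/codeql-action/analyze@v2
        with:
          upload: false
          output: sarif-results
      # Drop results whose file path matches a '-' pattern before upload.
      - uses: advanced-security/filter-sarif@v1
        with:
          patterns: |
            -generated/**
            -scripts/vendor/**
          input: sarif-results/java.sarif
          output: sarif-results/java.sarif
      - uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: sarif-results/java.sarif
```

Filtering the SARIF removes the alerts from code scanning but the files are still compiled and analysed, so it saves reporting noise, not analysis time.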