
I had tried using `paths-ignore`, which I read about at https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning, but it didn't help, since it doesn't determine what files will be analyzed when the GitHub Action runs. I also came across this article, https://josh-ops.com/posts/github-codeql-ignore-files/, which talks about using the filter-sarif action, but it isn't published to the marketplace. Any suggestions would be appreciated.

DevopitionBro
  • Which programming language are you scanning (e.g. Java, Python, C++, ...)? For interpreted languages you can [specify which directories to ignore](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan). If I remember correctly the Java extractor might support exclusions as well, but I am not sure if you can set them for the GitHub code scanning action. Could you please also share what you have so far? – Marcono1234 Oct 16 '22 at 16:02
  • For compiled languages you can also influence which files are scanned by specifying a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language) which only compiles a subset of all files. – Marcono1234 Oct 16 '22 at 16:04
  • @Marcono1234 JavaScript and Go. I created a YAML file that uses `paths-ignore:` and I call that YAML file by using `config-file:`. I also tried creating two different YAML files, one for each of the programming languages, but I get the following error message for JavaScript: `The process '/apps/ghe-actions/_work/_tool/CodeQL/0.0.0-20221010/x64/codeql/codeql' failed with exit code 2` – DevopitionBro Nov 04 '22 at 13:29
  • Might be good to post that at https://github.com/github/codeql-action/issues or https://github.com/github/codeql/discussions (not completely sure which fits better) and ask for help there. Also check if there is more information about the failure and have a look at the [troubleshooting guide](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow). In case your GitHub repository is public, could you please also add links to the failing workflows to your question? – Marcono1234 Nov 05 '22 at 00:02
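As an added illustration (not part of the question or the comments above), the two different `paths-ignore` settings the question runs into, written out side by side. The first fragment is the workflow-trigger `paths-ignore`: it only decides whether the workflow runs on a given push and has no effect on which files CodeQL extracts once it does run. The second is a CodeQL configuration file, referenced from the `init` step via `config-file`, whose `paths` and `paths-ignore` keys are the filter that the docs linked in the first comment describe for interpreted languages such as JavaScript. The directory names (`src`, `vendor`, `dist`), the test-file glob and the config path `.github/codeql/codeql-config.yml` are assumptions chosen for the example.

```yaml
# Added example; directory names and the config file path are assumptions.
# Two files are shown, separated by a YAML document marker (---).
#
# File 1: .github/workflows/codeql.yml
#
# 1) Workflow-level filter. This only controls whether the workflow is
#    triggered: a push that touches only vendor/ or dist/ skips the run,
#    but a run triggered by any other change still analyzes vendor/ and
#    dist/. It is NOT a filter on what CodeQL extracts.
on:
  push:
    branches: [main]
    paths-ignore:
      - 'vendor/**'
      - 'dist/**'

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # needed to upload SARIF results
      contents: read
    strategy:
      fail-fast: false
      matrix:
        language: [javascript, go]
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          # 2) Point the init step at a CodeQL config file. The filters that
          #    restrict what gets extracted live in that file, not in `on:`.
          config-file: ./.github/codeql/codeql-config.yml
      - uses: github/codeql-action/autobuild@v2
      - uses: github/codeql-action/analyze@v2
        with:
          category: "/language:${{ matrix.language }}"

---
# File 2: .github/codeql/codeql-config.yml
#
# `paths` restricts extraction to the listed directories; `paths-ignore`
# then excludes matches within them. Quote globs so `*` is not read as a
# YAML alias. Per the docs linked above this applies to interpreted
# languages such as JavaScript.
name: "Exclude vendored and generated code"
paths:
  - src
paths-ignore:
  - 'vendor/**'
  - 'dist/**'
  - '**/*.test.js'
```

Two caveats a practitioner would check before relying on this. First, the config-file filter is documented for interpreted languages; for Go, which CodeQL analyzes by tracing a build, the second comment's suggestion of a custom build command that compiles only the packages you care about is the documented route, and this thread does not establish whether Go honors `paths`/`paths-ignore`. Second, if you do keep a `paths-ignore` under `on.push`, remember that it suppresses the whole run for pushes that touch only those paths, which is a different outcome from "scan everything except those paths".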

0 Answers