tools: ignore test directory in CodeQL scans

Trott · RafaelGSS · commit c3d2a1c72381 · 2025-05-02T17:06:45.000-03:00
Scanning the test directory results in many false positives about hard-coded credentials. We want the code scan for user-exectuable code and possibly our tools, but not generally for tests. Ignore the test directory in CodeQL scans. A long list of false positives makes it harder to interpret the result of CodeQL runs. PR-URL: #57978 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: James M Snell <jasnell@gmail.com>
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -7,6 +7,9 @@ on:
 permissions:
   contents: read
 
+paths-to-ignore:
+  - test
+
 jobs:
   analyze:
     name: Analyze
