Merged
21 changes: 21 additions & 0 deletions .github/codeql-config.yml
@@ -0,0 +1,21 @@
# CodeQL Configuration
# This configuration excludes test directories from CodeQL security scanning
# to focus analysis on production code and reduce noise from test files.
#
# For more information, see:
# - https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#excluding-directories-from-code-scanning
# - https://github.com/github/codeql-action

name: "CodeQL Config for xAPI Java"

# Exclude test directories from analysis
paths-ignore:
- "**/src/test/**"
- "**/test/**"
- "**/*Test.java"
- "**/*Tests.java"

# Additional paths to ignore (build outputs, dependencies)
- "**/target/**"
- "**/build/**"
- "**/.mvn/**"
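Review bot: the three build-output entries at the end of the `paths-ignore` list (`**/target/**`, `**/build/**`, `**/.mvn/**`) are separated from the first four by a blank line and a comment; if they are indented under that comment rather than aligned with `- "**/src/test/**"`, the file is not valid YAML and the CodeQL init step will fail to load the config, which only shows up at workflow time. Keep all seven entries at one indentation level, or move the build-output comment above the list. Separately, `**/test/**` matches any path segment named `test`, not only Maven's `src/test`, so production code under a directory that happens to be called `test` would be silently dropped from the scan; `**/src/test/**` already covers the standard layout, so either drop the broader glob or add a comment saying why it is needed.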
Comment on lines +19 to +21
Copilot AI Nov 20, 2025
YAML syntax error: Lines 19-21 are incorrectly indented under the comment on line 18. These lines should be at the same indentation level as line 13 (under paths-ignore:), not as separate items.

Suggested change
- "**/target/**"
- "**/build/**"
- "**/.mvn/**"
- "**/target/**"
- "**/build/**"
- "**/.mvn/**"

14 changes: 14 additions & 0 deletions .github/workflows/codeql.yml
@@ -9,14 +9,26 @@
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
# This workflow uses a custom CodeQL configuration file (.github/codeql-config.yml)
# to exclude test directories from security scanning. This focuses analysis on
# production code and reduces noise from test files.
#
name: "CodeQL"

on:
push:
branches: [ "main" ]
# Exclude test directories from triggering workflow
paths-ignore:
- "**/src/test/**"
- "**/test/**"
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
# Exclude test directories from triggering workflow
paths-ignore:
- "**/src/test/**"
- "**/test/**"
schedule:
- cron: '17 4 * * 5'

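Review bot: the trigger-level `paths-ignore` under `push` and `pull_request` does something different from the exclusion in `.github/codeql-config.yml`, and the new header comment (which only mentions the config file) does not say so: it prevents the workflow from running at all when a change touches only `**/src/test/**` or `**/test/**`, rather than filtering which files are analysed. Two consequences are worth a sentence in that comment: a test-only pull request gets no CodeQL result, which matters if this workflow is a required status check, and because `**/test/**` matches any directory named `test`, a production change under such a path would also skip the scan entirely. If the goal is only to reduce noise in findings, the config-file exclusion alone achieves that and the trigger filter can be dropped.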
@@ -48,10 +60,12 @@ jobs:
java-version: '25'

# Initializes the CodeQL tools for scanning.
# Uses custom configuration file to exclude test directories from analysis.
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql-config.yml
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
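Review bot: `config-file` is applied to every entry of `matrix.language`, but the ignore globs in `.github/codeql-config.yml` are Java-specific (`**/*Test.java`, `**/*Tests.java`), so if the matrix lists any language besides Java, that language's test files are still analysed; either state in the step comment that the exclusion is intended for Java only or add the matching patterns for the other languages. Also, the template comment just below about queries listed here overriding those in a config file is no longer hypothetical now that a config file is set; the added config has no `queries` section, so nothing is overridden today, but anyone later adding queries to the config should be pointed at that precedence rule.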