From 69bfc77c8e52a339b36da4591a005898c52e6741 Mon Sep 17 00:00:00 2001
From: Justin Wood
Date: Sat, 24 Jun 2023 14:17:42 -0700
Subject: [PATCH 1/2] Trying to exclude these
---
 .github/workflows/codeql.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d6aa8ae2e5ff35..29ac3f8f0b7dd6 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -120,3 +120,29 @@ jobs:
 uses: github/codeql-action/analyze@v2
 with:
 category: "/language:${{matrix.language}}"
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ upload: False
+ output: sarif-results
+
+ - name: filter-sarif
+ uses: advanced-security/filter-sarif@v1
+ with:
+ patterns: |
+ -**/third_party/**
+ -**/scripts/**
+ input: sarif-results/cpp.sarif
+ output: sarif-results/cpp.sarif
+
+ - name: Upload SARIF
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: sarif-results/java.sarif
+
+ - name: Upload loc as a Build Artifact
+ uses: actions/upload-artifact@v2.2.0
+ with:
+ name: sarif-results
+ path: sarif-results
+ retention-days: 1
\ No newline at end of file
From b5411be15efc9e7207a97ad4c55926cd5125de79 Mon Sep 17 00:00:00 2001
From: Justin Wood
Date: Mon, 26 Jun 2023 09:23:49 -0700
Subject: [PATCH 2/2] Updating path
---
 .github/workflows/codeql.yml | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2ecf27ee932310..2a30e9e3256fdc 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
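Review bot: In the patch 1/2 hunk, the existing `github/codeql-action/analyze@v2` step shown as context is left in place with only `category` set, so it appears to still upload the unfiltered results and the analysis runs twice; the exclusions added below it would not remove those alerts from code scanning. The new steps also filter `sarif-results/cpp.sarif` but upload `sarif-results/java.sarif`, so the file that was filtered is never the one uploaded, and neither path follows the `matrix.language` already used in `category`. I would fold `upload`/`output` into the existing analyze step instead of adding a second one, and use `input: "sarif-results/${{ matrix.language }}.sarif"` with the same value for `output` and `sarif_file`. `advanced-security/filter-sarif@v1` is a third-party action referenced by a mutable tag and it rewrites the scan results, so pinning it to a full commit SHA would keep that step from changing underneath the workflow. The job's earlier steps lie outside the hunk, so this assumes one SARIF file per matrix language.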
@@ -103,12 +103,6 @@ jobs: uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - name: Setup Build run: scripts/build/gn_gen.sh --args="chip_config_memory_debug_checks=true chip_config_memory_debug_dmalloc=false" @@ -127,6 +121,7 @@ jobs: uses: advanced-security/filter-sarif@v1 with: patterns: | + -**/app/tests/** -**/third_party/** -**/scripts/** input: "sarif-results/${{matrix.language}}.sarif"
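Review bot: The added `-**/app/tests/**` pattern in the second hunk of patch 2/2 drops every alert under any `app/tests` directory, and nothing in the step records why each path is excluded. Because filter-sarif removes results after analysis, findings in matched paths disappear from code scanning without any trace, so the list is worth keeping narrow and justified. A comment above `patterns:` (not inside the `|` block, where it would become part of the value) such as `# Paths excluded from uploaded results: test-only and vendored code; review before adding entries` would let a later reviewer tell a deliberate exclusion from an accidental one; adjust the wording to the actual rationale. The step's `- name:` line is outside the hunk.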