Add codeql configuration to prevent scanning vendor directory

2022-07-21 15:52:08 -04:00 · 2022-07-21 15:52:08 -04:00 · af9f40ba7e
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -69,3 +69,5 @@ jobs:

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
+      with:
+        config-file: ./codeql-config.yml
--- a/.github/workflows/codeql-config.yml
+++ b/.github/workflows/codeql-config.yml
@ -0,0 +1,5 @@
+name: "ARO CodeQL config"
+
+# Skip the vendor directory as codeqlv2 analysis falls over
+paths-ignore:
+- 'vendor/**'