The default code scanning query suites include checks for the most important security vulnerabilities for each supported language, so that any potential problems can be surfaced to developers before they are committed to their repository. However, in some situations a particular check is not relevant for a codebase and you might prefer to not run that CodeQL query. You can now easily exclude queries using code scanning query filters.
Query filters use the same syntax as CodeQL query suites and you can filter on any CodeQL query metadata property. Query filters must be specified in a custom code scanning configuration file, which you refer to from your code scanning analysis workflow file.
In your code scanning workflow file, use the `config-file` parameter of the `init` action to specify the path to the configuration file you want to use:

```yaml
- uses: github/codeql-action/init@v2
  with:
    config-file: path/to/config/file.yml
```
In your configuration file, specify the query filters you want to use. For example, to exclude the query with the id `js/html-constructed-from-input` from an analysis, use:

```yaml
name: "My code scanning CodeQL config"
query-filters:
  - exclude:
      id: js/html-constructed-from-input
```
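To make the matching behaviour concrete, here is an added example (not GitHub's or the CodeQL project's code) that models how a list of `exclude` filters is applied to a set of queries described by their metadata. The filter keys used (`id`, `tags contain`, `precision`) are the same keys the query-suite syntax accepts; the query metadata and the evaluation model itself are constructed for illustration and deliberately simplified (only `exclude` is modelled, applied in order).

```python
"""Simplified model of code scanning query filters (added example).

Filters are written as the `query-filters:` list would look after loading
the YAML: a list of {"exclude": {<metadata key>: <value or list>}} mappings.
A key ending in " contain" (e.g. "tags contain") matches when any wanted
value is present in the query's list-valued property; any other key
matches on the property's exact value. This is an assumed, reduced model
of the real suite semantics, sufficient to show what "filter on any
metadata property" means.
"""

# Constructed sample metadata, shaped like the @id / @tags / @precision
# header fields of CodeQL queries. Not real query metadata.
QUERIES = [
    {"id": "js/html-constructed-from-input",
     "tags": ["security", "external/cwe/cwe-079"], "precision": "high"},
    {"id": "js/sql-injection",
     "tags": ["security", "external/cwe/cwe-089"], "precision": "high"},
    {"id": "js/unused-local-variable",
     "tags": ["maintainability"], "precision": "very-high"},
    {"id": "js/experimental-taint-check",
     "tags": ["security", "experimental"], "precision": "low"},
]

# Equivalent of:
#   query-filters:
#     - exclude:
#         id: js/html-constructed-from-input
#     - exclude:
#         tags contain: experimental
#     - exclude:
#         precision: [low, medium]
FILTERS = [
    {"exclude": {"id": "js/html-constructed-from-input"}},
    {"exclude": {"tags contain": "experimental"}},
    {"exclude": {"precision": ["low", "medium"]}},
]


def _matches(condition: dict, query: dict) -> bool:
    """True when every key in the condition matches the query's metadata."""
    for key, wanted in condition.items():
        values = wanted if isinstance(wanted, list) else [wanted]
        if key.endswith(" contain"):
            prop = key[: -len(" contain")]
            present = query.get(prop, [])
            if not any(v in present for v in values):
                return False
        elif query.get(key) not in values:
            return False
    return True


def apply_filters(queries: list, filters: list) -> list:
    """Apply exclude filters in order; return the ids of the surviving queries."""
    selected = list(queries)
    for instruction in filters:
        if "exclude" in instruction:
            selected = [q for q in selected
                        if not _matches(instruction["exclude"], q)]
        # Other instruction kinds (e.g. include) are not modelled here.
    return [q["id"] for q in selected]


if __name__ == "__main__":
    for query_id in apply_filters(QUERIES, FILTERS):
        print("would run:", query_id)
```

A practical check before committing a filter: list the ids that survive and confirm that the security queries you rely on are still present, since a broad `tags contain` or `precision` exclusion can silently drop far more than the one query you intended.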
For more information about how to use query filters, see Configuring code scanning in the code scanning documentation.