Skip to content

Commit 6f6c97f

Browse files
[CodeQL] Attempt to filter out scan results from 3rd party codebases
Uses [filter-sarif action](https://github.com/advanced-security/filter-sarif)
1 parent cbea40c commit 6f6c97f

1 file changed

Lines changed: 18 additions & 0 deletions

File tree

.github/workflows/ci_ubuntu.yaml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -144,6 +144,24 @@ jobs:
144144
if: startsWith(matrix.libtorrent.version, 2) && (matrix.qbt_gui == 'GUI=ON')
145145
with:
146146
category: ${{ github.base_ref || github.ref_name }}
147+
output: sarif-results
148+
upload: none
149+
150+
# Filter out results from 3rdparty codebases
151+
- name: Filter CodeQL results
152+
uses: advanced-security/filter-sarif@v1.1
153+
if: startsWith(matrix.libtorrent.version, 2) && (matrix.qbt_gui == 'GUI=ON')
154+
with:
155+
patterns: |
156+
-src/base/3rdparty/**
157+
input: sarif-results/cpp.sarif
158+
output: sarif-results/cpp.sarif
159+
160+
- name: Upload CodeQL SARIF
161+
uses: github/codeql-action/upload-sarif@v4
162+
if: startsWith(matrix.libtorrent.version, 2) && (matrix.qbt_gui == 'GUI=ON')
163+
with:
164+
sarif_file: sarif-results/cpp.sarif
147165

148166
- name: Prepare build artifacts
149167
run: |

0 commit comments

Comments
 (0)