mirror of
https://github.com/nodejs/node.git
synced 2025-04-28 21:46:48 +00:00
tools: ignore test directory in CodeQL scans
Scanning the test directory results in many false positives about hard-coded credentials. We want the code scan for user-exectuable code and possibly our tools, but not generally for tests. Ignore the test directory in CodeQL scans. A long list of false positives makes it harder to interpret the result of CodeQL runs. PR-URL: https://github.com/nodejs/node/pull/57978 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This commit is contained in:
Rich Trott
GitHub
parent
b665127963
commit
1b5b12c3e6
3
.github/workflows/codeql.yml
vendored
3
.github/workflows/codeql.yml
vendored
@ -7,6 +7,9 @@ on:
|
|||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|
||||||
|
paths-to-ignore:
|
||||||
|
- test
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
analyze:
|
analyze:
|
||||||
name: Analyze
|
name: Analyze
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user