The changes proposed here will resolve the issues we have with
pull requests after the merge of #10606. It creates 3 different
workflows to conditionally execute the job based on the changes submitted.
A detailed explanation of the issue can be found in #10717.
Resolves #10717
The issue was originally caused by a high number of flow paths per alert
generated by the LDAP federation module. That was identified by taking the
generated SARIF file and running:
```
jq '.runs[0].results | map({query_id: .rule.id, numPaths: .codeFlows | length})' java.sarif
```
Together we reduced the number of flow paths, adding optimizations to
skip some paths and avoid false alerts.
Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>
Closes #10203
Co-authored-by: Joshua Mulliken <joshua@mulliken.net>
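The path-counting check described in this commit, as an added example that is not part of the PR or the project's own tooling: a Python equivalent of the jq filter run over a constructed minimal SARIF document, extended to aggregate path counts per rule and flag rules that exceed a budget. It assumes results carry `rule.id` (what the jq filter reads) or fall back to `ruleId`; the rule ids and counts in the sample are constructed, not from a real scan.

```python
from collections import Counter

# Constructed minimal SARIF 2.1.0 document standing in for a real CodeQL
# java.sarif; rule ids and path counts are illustrative, not from an actual scan.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL"}},
        "results": [
            {"ruleId": "java/ldap-injection", "rule": {"id": "java/ldap-injection"},
             "codeFlows": [{"threadFlows": []} for _ in range(3)]},
            {"ruleId": "java/ldap-injection", "rule": {"id": "java/ldap-injection"},
             "codeFlows": [{"threadFlows": []} for _ in range(2)]},
            {"ruleId": "java/path-injection", "rule": {"id": "java/path-injection"},
             "codeFlows": [{"threadFlows": []}]},
            # A result with only ruleId and no codeFlows (e.g. a non-dataflow query).
            {"ruleId": "java/non-dataflow-rule"},
        ],
    }],
}


def rule_id(result):
    """Prefer result.rule.id (what the jq filter reads) and fall back to ruleId."""
    return (result.get("rule") or {}).get("id") or result.get("ruleId")


def paths_per_result(sarif, run=0):
    """Equivalent of the jq filter: one (query_id, numPaths) pair per result.
    A missing codeFlows array counts as 0, as `null | length` does in jq."""
    return [(rule_id(r), len(r.get("codeFlows") or []))
            for r in sarif["runs"][run]["results"]]


def paths_per_rule(sarif, run=0):
    """Aggregate path counts across all results reported under the same rule."""
    totals = Counter()
    for query_id, n in paths_per_result(sarif, run):
        totals[query_id] += n
    return dict(totals)


def rules_over_budget(sarif, max_paths, run=0):
    """Rules whose total path count exceeds max_paths, largest first."""
    over = [(q, n) for q, n in paths_per_rule(sarif, run).items() if n > max_paths]
    return sorted(over, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for q, n in rules_over_budget(SAMPLE_SARIF, max_paths=4):
        print(f"{q}: {n} code-flow paths")
```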
The CodeQL configuration file still has some references to the old
branch `master`, which means that most of the information provided by the
tool must be outdated. Changing it is necessary to perform the correct
analysis of the codebase.
Closes #10103
Currently, the CodeQL scanner has been analyzing the whole
codebase, including folders like testsuite or examples. Those folders
are not relevant from the security standpoint, considering that they do
not expose our users and customers to any risks. They are only relevant
in the context of our pipelines, but never used in production.
Closes #9631