codeql-config.yml
# Display name for this CodeQL configuration.
name: "Alchemy CodeQL Configuration"
# The value is false, so this line does not disable anything; the explicit
# `paths` / `paths-ignore` lists in this file are what narrow the scan.
# NOTE(review): confirm this key is recognised by the CodeQL version in use.
# The documented top-level toggle with a similar name is
# `disable-default-queries`; an unrecognised key would have no effect.
disable-default-path-filters: false
# Directories included in the analysis.
# This is an allow-list: source added in a new top-level directory is not
# scanned until that directory is listed here, so review this list whenever
# the repository layout changes.
paths:
- "alchemy/src"
- "alchemy-web/src"
- "alchemy-web/docs"
- "examples/*/src"
- "examples/*/app"
- "examples/*/pages"
- "examples/*/components"
- "stacks"
- "scripts"
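# Paths excluded from analysis. Findings in excluded files are never
# reported, so every pattern here is a deliberate gap in coverage.
paths-ignore:
# Test files ("**/test/**" already covers alchemy/test/**)
- "**/*.test.ts"
- "**/*.test.js"
- "**/*.spec.ts"
- "**/*.spec.js"
- "**/test/**"
- "**/tests/**"
# Generated/Build artifacts
# NOTE(review): "**/lib/**" and "**/out/**" also match hand-written source
# directories with those names under the included paths (for example a
# src/lib folder, if one exists). Verify none exists or narrow the patterns.
- "**/node_modules/**"
- "**/lib/**"
- "**/dist/**"
- "**/build/**"
- "**/.next/**"
- "**/.nuxt/**"
- "**/.output/**"
- "**/out/**"
- "**/*.d.ts"
- "**/types/generated/**"
# Build/tool configuration files
# NOTE(review): *.config.js/ts/mjs files are executable modules loaded by
# build tooling, not inert data. Excluding them means nothing in them is
# analysed; confirm that is intended.
- "**/*.config.js"
- "**/*.config.ts"
- "**/*.config.mjs"
- "**/vite.config.*"
- "**/vitest.config.*"
- "**/tailwind.config.*"
- "**/biome.json"
- "**/tsconfig*.json"
- "**/.cursorrules"
# Documentation and misc files ("**/*.md" already covers CHANGELOG.md and
# README.md)
# NOTE(review): "**/public/**" and "**/static/**" can hold hand-written
# client-side JavaScript that would otherwise be scanned.
- "**/*.md"
- "**/*.mdx"
- "**/LICENSE"
- "**/.github/**"
- "**/public/**"
- "**/static/**"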
# Query packs to load in addition to the suites named under `queries`.
packs:
# The standard JavaScript/TypeScript query pack
- codeql/javascript-queries
# Query suites to run. `disable-default-queries` is not set in this file, so
# these run in addition to the default suite.
queries:
# security-and-quality already contains every query in security-extended,
# so listing both is redundant but harmless.
- uses: security-extended
- uses: security-and-quality
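# Query filters, applied to the queries selected by the suites and packs
# in this file. Each `id` must be nested under its `exclude` mapping.
query-filters:
# NOTE(review): both excluded queries are security queries. They flag
# escaping/sanitisation code that can leave dangerous characters or
# sequences in its output. Excluding them here suppresses every result
# repository-wide, including true positives in code that handles
# untrusted input. Prefer dismissing individual alerts with a recorded
# reason, or scoping the noise out with paths-ignore. If the exclusions
# stay, document the rationale and revisit them periodically.
- exclude:
    id: js/incomplete-sanitization
- exclude:
    id: js/incomplete-multi-character-sanitization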