Skip to content

ci(codeql): exclude vendor/dist from analysis#7349

Merged
BridgeAR merged 1 commit intomasterfrom
watson/codeql-ignore-vendor-dist
Jan 27, 2026
Merged

ci(codeql): exclude vendor/dist from analysis#7349
BridgeAR merged 1 commit intomasterfrom
watson/codeql-ignore-vendor-dist

Conversation

@watson
Copy link
Copy Markdown
Collaborator

@watson watson commented Jan 27, 2026

What does this PR do?

Excludes the vendor/dist directory from CodeQL analysis by adding it to the paths-ignore list in .github/codeql_config.yml.

Motivation

The vendor/dist directory contains bundled third-party dependencies that are already analyzed upstream. Including them in CodeQL scans adds noise and increases analysis time without providing meaningful security insights for our project's code.

@watson
ci(codeql): exclude vendor/dist from analysis
6756039 
The vendor/dist directory contains bundled dependencies that don't
need to be scanned as part of the project's code analysis.
@watson watson requested a review from a team as a code owner January 27, 2026 06:52
@watson watson self-assigned this Jan 27, 2026
@watson Graphite App
Copy link
Copy Markdown
Collaborator Author

watson commented Jan 27, 2026

This stack of pull requests is managed by Graphite. Learn more about stacking.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Jan 27, 2026

Overall package size

Self size: 4.45 MB
Deduped: 5.29 MB
No deduping: 5.29 MB

Dependency sizes | name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 2.0.3 | 76.87 kB | 808.03 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe

@codecov
Copy link
Copy Markdown

codecov bot commented Jan 27, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.16%. Comparing base (b084a8d) to head (6756039).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #7349   +/-   ##
=======================================
  Coverage   86.16%   86.16%           
=======================================
  Files         515      515           
  Lines       22234    22234           
=======================================
  Hits        19157    19157           
  Misses       3077     3077
Flag Coverage Δ
aiguard-macos 99.09% <ø> (ø)
aiguard-ubuntu 99.09% <ø> (ø)
aiguard-windows 99.09% <ø> (ø)
apm-capabilities-tracing-macos 57.88% <ø> (ø)
apm-capabilities-tracing-ubuntu 57.88% <ø> (ø)
apm-capabilities-tracing-windows 57.48% <ø> (ø)
apm-integrations-child-process 99.19% <ø> (ø)
apm-integrations-couchbase-18 100.00% <ø> (ø)
apm-integrations-couchbase-eol 100.00% <ø> (ø)
appsec-express 62.46% <ø> (ø)
appsec-fastify 58.48% <ø> (ø)
appsec-graphql 53.41% <ø> (ø)
appsec-kafka 43.98% <ø> (ø)
appsec-ldapjs 46.04% <ø> (ø)
appsec-lodash 47.29% <ø> (ø)
appsec-macos 93.74% <ø> (ø)
appsec-mongodb-core 51.82% <ø> (ø)
appsec-mongoose 50.73% <ø> (ø)
appsec-mysql 54.20% <ø> (ø)
appsec-node-serialize 43.92% <ø> (ø)
appsec-passport 48.10% <ø> (ø)
appsec-postgres 54.55% <ø> (ø)
appsec-sourcing 33.80% <ø> (ø)
appsec-template 43.92% <ø> (ø)
appsec-ubuntu 93.74% <ø> (ø)
appsec-windows 93.74% <ø> (ø)
llmobs-ai 52.09% <ø> (ø)
llmobs-anthropic 42.73% <ø> (ø)
llmobs-bedrock 40.06% <ø> (ø)
llmobs-google-genai 45.89% <ø> (ø)
llmobs-langchain 50.15% <ø> (ø)
llmobs-openai 55.62% <ø> (ø)
llmobs-vertex-ai 44.48% <ø> (ø)
platform-core 87.23% <ø> (ø)
platform-instrumentations-misc 88.59% <ø> (ø)
platform-shimmer 98.82% <ø> (ø)
platform-unit-guardrails 89.47% <ø> (ø)
profiling-macos 70.74% <ø> (ø)
profiling-ubuntu 70.74% <ø> (ø)
profiling-windows 74.18% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@pr-commenter
Copy link
Copy Markdown

pr-commenter bot commented Jan 27, 2026

Benchmarks

Benchmark execution time: 2026-01-27 07:03:54

Comparing candidate commit 6756039 in PR branch watson/codeql-ignore-vendor-dist with baseline commit b084a8d in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 231 metrics, 29 unstable metrics.

@BridgeAR BridgeAR merged commit f9a04be into master Jan 27, 2026
787 of 788 checks passed
@BridgeAR BridgeAR deleted the watson/codeql-ignore-vendor-dist branch January 27, 2026 10:12
dd-octo-sts bot pushed a commit that referenced this pull request Jan 28, 2026
@watson @rochdev
ci(codeql): exclude vendor/dist from analysis (#7349)
76fed6b 
The vendor/dist directory contains bundled dependencies that don't
need to be scanned as part of the project's code analysis.
@dd-octo-sts dd-octo-sts bot mentioned this pull request Jan 28, 2026
Merged
BridgeAR pushed a commit that referenced this pull request Jan 30, 2026
@watson @BridgeAR
ci(codeql): exclude vendor/dist from analysis (#7349)
eeb2d11 
The vendor/dist directory contains bundled dependencies that don't
need to be scanned as part of the project's code analysis.
BridgeAR pushed a commit that referenced this pull request Feb 22, 2026
@watson @BridgeAR
ci(codeql): exclude vendor/dist from analysis (#7349)
7ab735c 
The vendor/dist directory contains bundled dependencies that don't
need to be scanned as part of the project's code analysis.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BridgeAR BridgeAR BridgeAR approved these changes

Assignees

@watson watson

Labels

semver-patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@watson @BridgeAR