What is codeql-suppressions.yml used for?

Prepare for the GitHub Advanced Security Certification Test. Practice with multiple choice questions, detailed explanations, and hints. Achieve success on your first attempt!

Multiple Choice

What is codeql-suppressions.yml used for?

Explanation:
Suppressions for CodeQL findings are defined in this file. It lists patterns that match specific CodeQL results (often by rule ID, file path, or other finding attributes) and marks them as suppressed so they don’t appear in the SARIF output or downstream reports. This helps reduce noise from known or accepted issues and lets teams focus on actionable findings. The file is read by CodeQL tooling during analysis, and placing it in the repository at the appropriate location enables these suppressions to apply to that project. It doesn’t configure workflow triggers, store results, or disable secret scanning.
