diff --git a/.github/secret_scanning.yml b/.github/secret_scanning.yml
new file mode 100644
index 000000000..83ee7b460
--- /dev/null
+++ b/.github/secret_scanning.yml
@@ -0,0 +1,3 @@
+paths-ignore:
+  - 'third-party/**'
+  - 'third-party-licenses.*.md'
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d74e1c142..37bbb0607 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -32,6 +32,10 @@ jobs:
         with:
           languages: ${{ matrix.language }}
           queries: security-and-quality
+          config: |
+            paths-ignore:
+              - 'third-party/**'
+              - 'third-party-licenses.*.md'
 
       - name: Setup Go
         if: matrix.language == 'go'