From c7b1afd293f73d09664ce4333492c203c827256b Mon Sep 17 00:00:00 2001
From: Andy Feller
Date: Mon, 16 Jun 2025 13:36:37 -0400
Subject: [PATCH] Fixes #11126 These changes will cause GitHub Advanced Security to ignore the auto-generated content around 3rd party dependencies used by `cli/cli` from static code analysis and secret scanning. For more information: - https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning - https://docs.github.com/en/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning
---
 .github/secret_scanning.yml | 3 +++
 .github/workflows/codeql.yml | 4 ++++
 2 files changed, 7 insertions(+)
 create mode 100644 .github/secret_scanning.yml
diff --git a/.github/secret_scanning.yml b/.github/secret_scanning.yml
new file mode 100644
index 000000000..83ee7b460
--- /dev/null
+++ b/.github/secret_scanning.yml
@@ -0,0 +1,3 @@
+paths-ignore:
+ - 'third-party/**'
+ - 'third-party-licenses.*.md'
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d74e1c142..37bbb0607 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -32,6 +32,10 @@ jobs:
 with:
 languages: ${{ matrix.language }}
 queries: security-and-quality
+ config: |
+ paths-ignore:
+ - 'third-party/**'
+ - 'third-party-licenses.*.md'
 - name: Setup Go
 if: matrix.language == 'go'
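Review bot: The new `.github/secret_scanning.yml` carries no comment saying why these two paths are excluded or what generates them, and the exclusion is silent: a credential committed under `third-party/` would no longer raise a secret scanning alert. A header comment such as `# Auto-generated third-party license/source content; excluded to reduce noise. Do not add hand-written files under these paths.` would record the trust assumption next to the rule. It may also be worth having CI confirm that changes under `third-party/` come only from the generator; whether such a check already exists cannot be seen from this patch.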
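Review bot: The ignore list added under `config:` in `.github/workflows/codeql.yml` duplicates the one in `.github/secret_scanning.yml` without a cross-reference, so the two can drift apart when the generated layout changes. A comment above the key, for example `# Keep in sync with .github/secret_scanning.yml (auto-generated third-party content)`, would tie them together. The `third-party-licenses.*.md` entry is presumably a no-op for code analysis, since Markdown does not appear to be an analysed language here; keeping it for symmetry is fine if the comment says so. The step these inputs belong to begins outside the hunk, so the action and version that receive `config` are not visible.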