How do I exclude a check only on certain paths in a github workflow?

[ryao]

The documentation explains how to exclude checks and how to ignore paths:

https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#example-configuration-files

Is there any way to exclude checks on certain paths?

In particular, I have some complaints from cpp/non-constant-format on a couple of files in my project where I care about reports of potential defects, but I do not particularly care about this particular defect report in them. Since #11021 makes it impossible for everyone involved in the project to see defect reports on the main repository, we cannot rely on marking things as WONTFIX since that will only apply to a single repository (as far as I know). I would like to workaround that by adding exceptions to the .yml file so that this particular issue will not be reported on two files, but it would be reported on any other files in the project.

[aibaars]

@ryao You can use https://github.com/advanced-security/filter-sarif for this. The advanced-security/filter-sarif Action allows filtering based on combinations of file path and query id and can be used to remove results from the SARIF file before it is uploaded to GitHub CodeScanning.