codeql should analyze lib not dist by ericsciple · Pull Request #620 · actions/checkout (original) (raw)

👋 Greetings from the CodeQL team! Just spotted this in passing and wanted to offer a suggestion.
CodeQL's JavaScript analysis can do TypeScript parsing, so I think you could omit the build step entirely in your Actions workflow, and it will analyse the .ts files. The only thing you'll miss out is code that is generated only during the build (if any).

If you still need to filter out directories from being scanned, see these docs.