From 83c96c44a20cf71a5f05c40914697f18bf4ad268 Mon Sep 17 00:00:00 2001
From: Ed Burns
Date: Wed, 3 Jun 2026 15:23:00 -0700
Subject: [PATCH] On branch edburns/1511-codeql-quality-and-security modified: .github/workflows/codeql.yml Per @jketema , CodeQL handles Quality and Security. Use this custom config to do both.
---
 .github/workflows/codeql.yml | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index dcb971f0d..fcdac9fdd 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -23,9 +23,9 @@ jobs:
 matrix: ${{ steps.build-matrix.outputs.matrix }}
 skipped-matrix: ${{ steps.build-matrix.outputs.skipped-matrix }}
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- - uses: dorny/paths-filter@v3
+ - uses: dorny/paths-filter@6852f92c20ea7fd3b0c25de3b5112db3a98da050 # v3
 id: filter
 if: github.event_name == 'pull_request'
 with:
@@ -106,18 +106,19 @@ jobs:
 matrix: ${{ fromJson(needs.changes.outputs.matrix) }}
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@a6fd1787519fd23e68309fad43738e41a6ff2a9d # v4
 with:
 languages: ${{ matrix.language }}
+ queries: security-and-quality
 - name: Autobuild
- uses: github/codeql-action/autobuild@v3
+ uses: github/codeql-action/autobuild@a6fd1787519fd23e68309fad43738e41a6ff2a9d # v4
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@a6fd1787519fd23e68309fad43738e41a6ff2a9d # v4
 with:
 category: "/language:${{ matrix.language }}"
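Review bot: The `# v4` and `# v3` comments after the new SHAs on the `actions/checkout` and `dorny/paths-filter` lines name only a moving major tag, so the file does not record which release each commit was resolved from and a reviewer cannot check the pin against a published release. I would record the exact tag instead, in the form `uses: actions/checkout@<sha> # vX.Y.Z` (placeholder; the actual release is not visible on this page), which also gives update tooling a concrete version to compare against. The same applies to the `github/codeql-action` pins in the second and third hunks. The `steps:` list of this job continues past the end of the hunk.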
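Review bot: The `github/codeql-action` steps move from `@v3` to a SHA commented `# v4`, a major-version upgrade that the commit message does not mention; it describes only the query change, and it speaks of a "custom config" although the hunk sets the `queries` input and no `config-file`. I would state the v3→v4 move and the SHA pinning in the description so the upgrade is reviewed on its own terms. On the new `queries: security-and-quality` line I would add a comment such as `# security-extended plus maintainability and reliability queries; expect more alerts per language`, because quality findings land in the same code-scanning category as the security results and can dilute triage. If a config file is introduced later, confirm how its query list interacts with this input, which presumably takes precedence unless it is written as `+security-and-quality`.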
@@ -149,7 +150,7 @@ jobs:
 EOF
 - name: Upload empty SARIF
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@a6fd1787519fd23e68309fad43738e41a6ff2a9d # v4
 with:
 sarif_file: ${{ runner.temp }}/empty.sarif
 category: "/language:${{ matrix.language }}"