From f764f7081607863e0fc67f2d82f4559915945414 Mon Sep 17 00:00:00 2001 From: Anjali Singh Date: Thu, 25 Sep 2025 13:20:37 +0530 Subject: [PATCH 01/11] check for codeql failure --- .github/workflows/ci.yml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1b7fcff7cb..0f88f0a175 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -114,21 +114,6 @@ jobs: run: yarn null:autoadd && node .github/workflows/verify-unchanged-strict-null-checks.js timeout-minutes: 6 - codeql: - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4.2.2 - timeout-minutes: 2 - - - uses: github/codeql-action/init@v3 - timeout-minutes: 2 - with: - trap-caching: false - languages: javascript - - - uses: github/codeql-action/analyze@v3 - timeout-minutes: 10 - e2e-web-tests: name: e2e-web-tests (${{ matrix.shard-index }}/${{ strategy.job-total }}) runs-on: ubuntu-22.04 From 00681f21ee7bab37c3d253251a64e85e8b429132 Mon Sep 17 00:00:00 2001 From: Anjali Singh Date: Mon, 29 Sep 2025 14:02:11 +0530 Subject: [PATCH 02/11] Revert "check for codeql failure" This reverts commit f764f7081607863e0fc67f2d82f4559915945414. --- .github/workflows/ci.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0f88f0a175..1b7fcff7cb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -114,6 +114,21 @@ jobs: run: yarn null:autoadd && node .github/workflows/verify-unchanged-strict-null-checks.js timeout-minutes: 6 + codeql: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4.2.2 + timeout-minutes: 2 + + - uses: github/codeql-action/init@v3 + timeout-minutes: 2 + with: + trap-caching: false + languages: javascript + + - uses: github/codeql-action/analyze@v3 + timeout-minutes: 10 + e2e-web-tests: name: e2e-web-tests (${{ matrix.shard-index }}/${{ strategy.job-total }}) runs-on: ubuntu-22.04 
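Review bot: The `codeql` job restored by PATCH 02 has no `permissions:` block, so the analyze step uploads results with whatever token scope the workflow or repository default grants. The top of ci.yml is outside this hunk, so if nothing is set there, add `permissions:` with `contents: read` and `security-events: write` under the job to give it only the scope it needs. The three `uses:` lines also reference mutable tags (`@v4.2.2`, `@v3`). Pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v4.2.2`, keeps a retagged release from silently changing what runs in CI. The same job is re-added in PATCH 05 and rewritten in PATCH 11, so both points apply there as well.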
From 1ee332bf1d468008f1c6016e870b313bc8e13d06 Mon Sep 17 00:00:00 2001 From: Anjali Singh Date: Mon, 29 Sep 2025 14:05:06 +0530 Subject: [PATCH 03/11] removed default setup --- build-webCI.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/build-webCI.yaml b/build-webCI.yaml index b9113889cc..bc15126f29 100644 --- a/build-webCI.yaml +++ b/build-webCI.yaml @@ -15,7 +15,6 @@ variables: windowsImage: 'windows-2022-secure' macImage: 'macOS-14' linuxImage: 'ubuntu-22.04-secure' - Codeql.Enabled: true extends: template: pipeline/build-shared.yaml@self From 003152481201fd37c495357dd379b833bf3f4b23 Mon Sep 17 00:00:00 2001 From: Anjali Singh Date: Mon, 29 Sep 2025 14:13:32 +0530 Subject: [PATCH 04/11] removed codeql from ci.yml --- .github/workflows/ci.yml | 15 --------------- build-webCI.yaml | 1 + 2 files changed, 1 insertion(+), 15 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1b7fcff7cb..0f88f0a175 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -114,21 +114,6 @@ jobs: run: yarn null:autoadd && node .github/workflows/verify-unchanged-strict-null-checks.js timeout-minutes: 6 - codeql: - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4.2.2 - timeout-minutes: 2 - - - uses: github/codeql-action/init@v3 - timeout-minutes: 2 - with: - trap-caching: false - languages: javascript - - - uses: github/codeql-action/analyze@v3 - timeout-minutes: 10 - e2e-web-tests: name: e2e-web-tests (${{ matrix.shard-index }}/${{ strategy.job-total }}) runs-on: ubuntu-22.04 diff --git a/build-webCI.yaml b/build-webCI.yaml index bc15126f29..b9113889cc 100644 --- a/build-webCI.yaml +++ b/build-webCI.yaml @@ -15,6 +15,7 @@ variables: windowsImage: 'windows-2022-secure' macImage: 'macOS-14' linuxImage: 'ubuntu-22.04-secure' + Codeql.Enabled: true extends: template: pipeline/build-shared.yaml@self From cdee8ca6d6265ba008c2bd60e9053c11ca7e8bcb Mon Sep 17 00:00:00 2001 
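Review bot: The build-webCI.yaml hunk in PATCH 04 re-adds `Codeql.Enabled: true`, which the subject "removed codeql from ci.yml" does not mention and which PATCH 03 had just removed as "default setup". The series keeps toggling between this pipeline variable and the GitHub Actions `codeql` job, so a reader cannot tell which scanner is meant to be authoritative. A comment above the variable would record the intent, for example `# CodeQL for the Azure pipeline is enabled here; the GitHub Actions job in .github/workflows/ci.yml is separate`. The same one-line hunk appears again in PATCH 07 and PATCH 10; the `variables:` block it sits in starts outside the hunk.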
From: Anjali Singh Date: Mon, 29 Sep 2025 15:42:16 +0530 Subject: [PATCH 05/11] Revert "removed codeql from ci.yml" This reverts commit 003152481201fd37c495357dd379b833bf3f4b23. --- .github/workflows/ci.yml | 15 +++++++++++++++ build-webCI.yaml | 1 - 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0f88f0a175..1b7fcff7cb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -114,6 +114,21 @@ jobs: run: yarn null:autoadd && node .github/workflows/verify-unchanged-strict-null-checks.js timeout-minutes: 6 + codeql: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4.2.2 + timeout-minutes: 2 + + - uses: github/codeql-action/init@v3 + timeout-minutes: 2 + with: + trap-caching: false + languages: javascript + + - uses: github/codeql-action/analyze@v3 + timeout-minutes: 10 + e2e-web-tests: name: e2e-web-tests (${{ matrix.shard-index }}/${{ strategy.job-total }}) runs-on: ubuntu-22.04 diff --git a/build-webCI.yaml b/build-webCI.yaml index b9113889cc..bc15126f29 100644 --- a/build-webCI.yaml +++ b/build-webCI.yaml @@ -15,7 +15,6 @@ variables: windowsImage: 'windows-2022-secure' macImage: 'macOS-14' linuxImage: 'ubuntu-22.04-secure' - Codeql.Enabled: true extends: template: pipeline/build-shared.yaml@self From 32d247615b35b5b4fe54d1894a3cdda6e49877f8 Mon Sep 17 00:00:00 2001 From: Anjali Singh Date: Mon, 29 Sep 2025 17:01:11 +0530 Subject: [PATCH 06/11] removed sdl block --- pipeline/Accessibility Insights Web SDT - CI.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/pipeline/Accessibility Insights Web SDT - CI.yml b/pipeline/Accessibility Insights Web SDT - CI.yml index 90e90bb0a2..c9ac825fda 100644 --- a/pipeline/Accessibility Insights Web SDT - CI.yml +++ b/pipeline/Accessibility Insights Web SDT - CI.yml 
@@ -24,10 +24,6 @@ extends: os: windows image: windows-2022-secure name: $(a11yInsightsPool) - sdl: - codeql: - compiled: - enabled: true customBuildTags: - MigrationTooling-accessibility-insights-private-Accessibility Insights (private)-3-Tool stages: From 4c1fe4850b4f96743251b3bd2a59bdeb19d98a91 Mon Sep 17 00:00:00 2001 From: Anjali Singh Date: Mon, 29 Sep 2025 17:10:05 +0530 Subject: [PATCH 07/11] added default codeql --- build-webCI.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/build-webCI.yaml b/build-webCI.yaml index bc15126f29..b9113889cc 100644 --- a/build-webCI.yaml +++ b/build-webCI.yaml @@ -15,6 +15,7 @@ variables: windowsImage: 'windows-2022-secure' macImage: 'macOS-14' linuxImage: 'ubuntu-22.04-secure' + Codeql.Enabled: true extends: template: pipeline/build-shared.yaml@self From fd39b0fea2ac010e4bd3a9fbbf3d396aa7605133 Mon Sep 17 00:00:00 2001 From: Anjali Singh Date: Mon, 29 Sep 2025 18:28:57 +0530 Subject: [PATCH 08/11] Revert "added default codeql" This reverts commit 4c1fe4850b4f96743251b3bd2a59bdeb19d98a91. --- build-webCI.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/build-webCI.yaml b/build-webCI.yaml index b9113889cc..bc15126f29 100644 --- a/build-webCI.yaml +++ b/build-webCI.yaml @@ -15,7 +15,6 @@ variables: windowsImage: 'windows-2022-secure' macImage: 'macOS-14' linuxImage: 'ubuntu-22.04-secure' - Codeql.Enabled: true extends: template: pipeline/build-shared.yaml@self From 72238ea98251eacaa7282fc3a01b9857197e281c Mon Sep 17 00:00:00 2001 From: Anjali Singh Date: Mon, 29 Sep 2025 18:29:21 +0530 Subject: [PATCH 09/11] Revert "removed sdl block" This reverts commit 32d247615b35b5b4fe54d1894a3cdda6e49877f8. --- pipeline/Accessibility Insights Web SDT - CI.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pipeline/Accessibility Insights Web SDT - CI.yml b/pipeline/Accessibility Insights Web SDT - CI.yml index c9ac825fda..90e90bb0a2 100644 --- a/pipeline/Accessibility Insights Web SDT - CI.yml 
+++ b/pipeline/Accessibility Insights Web SDT - CI.yml @@ -24,6 +24,10 @@ extends: os: windows image: windows-2022-secure name: $(a11yInsightsPool) + sdl: + codeql: + compiled: + enabled: true customBuildTags: - MigrationTooling-accessibility-insights-private-Accessibility Insights (private)-3-Tool stages: From 60032dec47da6c8e6db22f1243aaa61e46bb6f30 Mon Sep 17 00:00:00 2001 From: Anjali Singh Date: Mon, 29 Sep 2025 18:31:37 +0530 Subject: [PATCH 10/11] Reapply "removed codeql from ci.yml" This reverts commit cdee8ca6d6265ba008c2bd60e9053c11ca7e8bcb. --- .github/workflows/ci.yml | 15 --------------- build-webCI.yaml | 1 + 2 files changed, 1 insertion(+), 15 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1b7fcff7cb..0f88f0a175 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -114,21 +114,6 @@ jobs: run: yarn null:autoadd && node .github/workflows/verify-unchanged-strict-null-checks.js timeout-minutes: 6 - codeql: - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4.2.2 - timeout-minutes: 2 - - - uses: github/codeql-action/init@v3 - timeout-minutes: 2 - with: - trap-caching: false - languages: javascript - - - uses: github/codeql-action/analyze@v3 - timeout-minutes: 10 - e2e-web-tests: name: e2e-web-tests (${{ matrix.shard-index }}/${{ strategy.job-total }}) runs-on: ubuntu-22.04 diff --git a/build-webCI.yaml b/build-webCI.yaml index bc15126f29..b9113889cc 100644 --- a/build-webCI.yaml +++ b/build-webCI.yaml @@ -15,6 +15,7 @@ variables: windowsImage: 'windows-2022-secure' macImage: 'macOS-14' linuxImage: 'ubuntu-22.04-secure' + Codeql.Enabled: true extends: template: pipeline/build-shared.yaml@self From ee51f54bda65a92fc71b018a749efa6ae0d28381 Mon Sep 17 00:00:00 2001 
From: Anjali Singh Date: Wed, 1 Oct 2025 12:08:26 +0530 Subject: [PATCH 11/11] kept trap-caching option --- .github/codeql/codeql-config.yml | 3 +++ .github/workflows/ci.yml | 10 ++++++++++ 2 files changed, 13 insertions(+) create mode 100644 .github/codeql/codeql-config.yml diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml new file mode 100644 index 0000000000..afa7faad4b --- /dev/null +++ b/.github/codeql/codeql-config.yml @@ -0,0 +1,3 @@ +name: "Accessibility Insights CodeQL Config" +languages: + - javascript \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0f88f0a175..5483e85a78 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -114,6 +114,16 @@ jobs: run: yarn null:autoadd && node .github/workflows/verify-unchanged-strict-null-checks.js timeout-minutes: 6 + codeql: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v3 + with: + config-file: ./.github/codeql/codeql-config.yml + trap-caching: false + - uses: github/codeql-action/analyze@v3 + e2e-web-tests: name: e2e-web-tests (${{ matrix.shard-index }}/${{ strategy.job-total }}) runs-on: ubuntu-22.04
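Review bot: The `languages:` list in the new `.github/codeql/codeql-config.yml` is, as far as I know, not a key the CodeQL configuration file reads. Language selection comes from the `languages` input of the `init` step, which this patch no longer passes. If that holds, the scan falls back to auto-detection instead of the explicit `javascript` of the earlier job, and the analysed language set can change without anyone editing the workflow. Keeping `languages: javascript` under `with:` on the init step makes the scope explicit. The file also ends without a trailing newline (`\ No newline at end of file`).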
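Review bot: The rewritten `codeql` job in ci.yml drops all three `timeout-minutes` values the earlier version had (2, 2 and 10), while the neighbouring step in the context still sets `timeout-minutes: 6`. A hung checkout or analysis would then hold the runner until GitHub's default job limit (360 minutes); restoring `timeout-minutes: 2` on checkout and init and `timeout-minutes: 10` on analyze keeps the job bounded. The checkout reference also loosens from `@v4.2.2` to the floating `@v4`, which widens what a moved tag can pull in.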