don't scan _deps with Trivy or CodeQL

Author: pbalcer

.github/codeql/codeql-config.yml

@@ -0,0 +1,2 @@
+paths-ignore:
+ - '**/_deps/**'

.github/workflows/codeql.yml

@@ -27,6 +27,7 @@ jobs:
       uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
       with:
         languages: cpp, python
+        config-file: ./.github/codeql/codeql-config.yml
 
     - name: Install pip packages
       run: pip install -r third_party/requirements.txt

.github/workflows/trivy.yml

@@ -35,6 +35,7 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
           exit-code: 1  # Fail if issue found
+          skip-dirs: '**/_deps/**'
           # file with suppressions: .trivyignore (in root dir)
 
       - name: Print report and trivyignore file