diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 1a006504c6c..f26c8a4fc4d 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -8,8 +8,6 @@ on:
     # The branches below must be a subset of the branches above
     branches:
       - main
-    paths-ignore:
-      - 'tests/appsec/iast_packages/packages/*.py'
 
 jobs:
   analyze:
@@ -38,6 +36,7 @@ jobs:
         # By default, queries listed here will override any specified in a config file.
         # Prefix the list here with "+" to use these queries and those in the config file.
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
+        config-file: ./.github/workflows/codeql-config.yml
 
     - name: Autobuild
       uses: github/codeql-action/autobuild@v2
diff --git a/.github/workflows/codeql-config.yml b/.github/workflows/codeql-config.yml
new file mode 100644
index 00000000000..ce7ae500c98
--- /dev/null
+++ b/.github/workflows/codeql-config.yml
@@ -0,0 +1,2 @@
+paths-ignore:
+  - 'tests/appsec/iast_packages/packages/*.py'