filter out sarif for codeql hw/mcu and lib/

.github/workflows/static_analysis.yml

@@ -65,36 +65,23 @@ jobs:
         uses: github/codeql-action/analyze@v4
         with:
           category: CodeQL
-          upload: always
+          upload: false
         id: analyze
 
-#      - name: Filter out unwanted errors and warnings
-#        uses: advanced-security/filter-sarif@v1
-#        with:
-#          patterns: |
-#            -**:cpp/path-injection
-#            -**:cpp/world-writable-file-creation
-#            -**:cpp/poorly-documented-function
-#            -**:cpp/potentially-dangerous-function
-#            -**:cpp/use-of-goto
-#            -**:cpp/integer-multiplication-cast-to-long
-#            -**:cpp/comparison-with-wider-type
-#            -**:cpp/leap-year/*
-#            -**:cpp/ambiguously-signed-bit-field
-#            -**:cpp/suspicious-pointer-scaling
-#            -**:cpp/suspicious-pointer-scaling-void
-#            -**:cpp/unsigned-comparison-zero
-#            -**/third*party/**
-#            -**/3rd*party/**
-#            -**/external/**
-#          input: ${{ steps.analyze.outputs.sarif-output }}/cpp.sarif
-#          output: ${{ steps.analyze.outputs.sarif-output }}/cpp.sarif
-#
-#      - name: Upload SARIF
-#        uses: github/codeql-action/upload-sarif@v4
-#        with:
-#          sarif_file: ${{ steps.analyze.outputs.sarif-output }}
-#          category: CodeQL
+      - name: Filter SARIF report
+        uses: advanced-security/filter-sarif@v1
+        with:
+          patterns: |
+            -hw/mcu/**
+            -lib/**
+          input: ${{ steps.analyze.outputs.sarif-output }}/cpp.sarif
+          output: ${{ steps.analyze.outputs.sarif-output }}/cpp.sarif
+
+      - name: Upload SARIF
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: ${{ steps.analyze.outputs.sarif-output }}
+          category: CodeQL
 
       - name: Upload artifact
         uses: actions/upload-artifact@v5