diff --git a/src/code/Utils.cs b/src/code/Utils.cs
index cc6f0fa14..ee228de1a 100644
--- a/src/code/Utils.cs
+++ b/src/code/Utils.cs
@@ -662,6 +662,7 @@ public static string GetAzAccessToken(PSCmdlet cmdletPassedIn)
 ExcludeInteractiveBrowserCredential = false
 };
+ // codeql[cs/security/identity/default-azure-credential-use] DefaultAzureCredential is not being used to create a credential in a production environment (i.e hosted server). It is created locally for a PSResourceGet command invocation, intended to be short-lived, and supports multiple authentication mechanisms which cannot be predicted and isolated for the invocation beforehand.
 var dCred = new DefaultAzureCredential(credOptions);
 var tokenRequestContext = new TokenRequestContext(new string[] { "https://management.azure.com/.default" });
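Review bot: The suppression comment added above `new DefaultAzureCredential(credOptions)` rests on the claim that the credential is never created on a hosted server, but nothing visible in the hunk enforces that. The cmdlet can presumably also be invoked from CI agents or automation hosts, where the default chain would resolve environment or managed-identity credentials without any prompt. I would reword the justification to what the code actually guarantees, for example `// codeql[cs/security/identity/default-azure-credential-use] Created per PSResourceGet command invocation; the credential source depends on the caller's environment and is restricted only by credOptions above.`, and fix `i.e` to `i.e.,` if the current wording is kept. Only `ExcludeInteractiveBrowserCredential = false` from credOptions is visible here and GetAzAccessToken starts and ends outside the hunk, so it is worth confirming which chain members are excluded and stating that in the comment.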