Support warning suppression (#13)

* Support warning suppression

* Note requirement to keep codeql/java-queries and CodeQL version in sync

Co-authored-by: Yaroslav Afenkin <yaroslavafenkin@users.noreply.github.com>
Co-authored-by: Daniel Beck <1831569+daniel-beck@users.noreply.github.com>

.github/workflows/jenkins-security-scan.yaml

@@ -33,7 +33,7 @@ jobs:
       - name: Install CodeQL CLI
         uses: jenkins-infra/fetch-codeql-action@v1
         with:
-          version: v2.11.2
+          version: v2.11.2 # Keep version of codeql/java-queries in sync: https://github.com/github/codeql/blob/main/java/ql/src/CHANGELOG.md
       - name: Install jq
         run: |
           sudo apt-get update
@@ -54,15 +54,16 @@ jobs:
           set -o errexit
           set -o nounset
           set -o pipefail
-          
+
           codeql pack install "$CODEQL_RULES_DIR/src/"
+          codeql pack download codeql/java-queries@0.4.2
 
           echo "::group::Create Database"
           LGTM_INDEX_XML_MODE=all codeql database create --language=java --source-root="$CHECKOUT_DIR" "$GITHUB_WORKSPACE/database" || { echo "Failed to create database" >&2 ; exit 1 ; }
           echo "::endgroup::"
 
           echo "::group::Analyze Database"
-          codeql database analyze --sarif-add-query-help --format=sarifv2.1.0 --output=output.sarif "$GITHUB_WORKSPACE/database" "$CODEQL_RULES_DIR/src/" || { echo "Failed to analyze database" >&2 ; exit 1 ; }
+          codeql database analyze --sarif-add-query-help --format=sarifv2.1.0 --output=output.sarif "$GITHUB_WORKSPACE/database" "$CODEQL_RULES_DIR/src/" codeql/java-queries:AlertSuppression.ql codeql/java-queries:AlertSuppressionAnnotations.ql || { echo "Failed to analyze database" >&2 ; exit 1 ; }
           echo "::endgroup::"
 
           # Prevent conflicts with otherwise set up CodeQL scan