diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 4d79d2c..659a44d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -55,8 +55,6 @@ jobs:
 uses: github/codeql-action/init@v3
 with:
 languages: c-cpp
- config: |
- paths-ignore: [vendor]
 - name: configure
 run: |
 cmake \
@@ -66,5 +64,19 @@ jobs:
 -DCMAKE_CXX_COMPILER=${{ matrix.cxx-compiler }}
 - name: build
 run: cmake --build build
- - name: analyze
+ - name: run-codeql
 uses: github/codeql-action/analyze@v3
+ with:
+ output: sarif-results
+ upload: failure-only
+ - name: filter-codeql
+ uses: advanced-security/filter-sarif@v1
+ with:
+ patterns: |
+ -vendor/*
+ input: sarif-results/c-cpp.sarif
+ output: sarif-results/c-cpp.sarif
+ - name: upload-codeql
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: sarif-results/c-cpp.sarif
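Review bot: The new `filter-codeql` step runs a third-party action from a mutable tag, `advanced-security/filter-sarif@v1`, and that step rewrites the SARIF file which `upload-codeql` then publishes, so anyone able to move the tag could drop findings from the report or run code inside this job. Pin it to a full commit SHA, e.g. `uses: advanced-security/filter-sarif@<FULL_COMMIT_SHA>  # v1`, and confirm that the job's `permissions` block, which is outside this hunk, grants nothing beyond what checkout, build and `security-events: write` require. Separately, `-vendor/*` may be narrower than the removed `paths-ignore: [vendor]`. If the action's `*` does not match across `/`, findings in nested vendor directories will now be uploaded, and `-vendor/**` would be the recursive form; this is worth checking against the action's pattern documentation.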