From f4b2f29143319c7386178bb5460200075920521e Mon Sep 17 00:00:00 2001
From: Xinyi Joffre <xiou@microsoft.com>
Date: Tue, 3 Mar 2026 10:28:10 -0800
Subject: [PATCH] Suppress CodeQL scan detection for DefaultAzureCredential

Clarify comment on DefaultAzureCredential fallback usage.
---
 azure-quantum/azure/quantum/_workspace_connection_params.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/azure-quantum/azure/quantum/_workspace_connection_params.py b/azure-quantum/azure/quantum/_workspace_connection_params.py
index f0a847c45..6debc0a4a 100644
--- a/azure-quantum/azure/quantum/_workspace_connection_params.py
+++ b/azure-quantum/azure/quantum/_workspace_connection_params.py
@@ -509,7 +509,7 @@ def get_credential_or_default(self) -> Any:
         or defaults to a new DefaultAzureCredential.
         """
         return (self.credential
-                or DefaultAzureCredential(exclude_interactive_browser_credential=False))
+                or DefaultAzureCredential(exclude_interactive_browser_credential=False)) # CodeQL [SM05139] Only used as default fallback. Not used in Azure production service.
 
     def get_auth_policy(self) -> Any:
         """