diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql_check.yml similarity index 51% rename from .github/workflows/codeql.yml rename to .github/workflows/codeql_check.yml index c9fd3208..4c4b2098 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql_check.yml @@ -3,10 +3,15 @@ name: "CodeQL" on: workflow_dispatch: push: - pull_request: branches: + - master - main - develop + pull_request: + # Excluded path: add the paths you want to ignore instead of deleting the workflow + paths-ignore: + - '.github/workflows/*.yml' + - 'tests/*' jobs: analyse: @@ -14,24 +19,27 @@ jobs: strategy: matrix: sdk: ["$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK"] + # 'cpp' covers C and C++ + language: ['cpp'] runs-on: ubuntu-latest container: image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest steps: - name: Clone - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: - submodules: recursive + submodules: true - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: - languages: cpp + languages: ${{ matrix.language }} queries: security-and-quality + # CodeQL will create the database during the compilation - name: Build run: | - make -j BOLOS_SDK=${{ matrix.sdk }} + make BOLOS_SDK=${{ matrix.sdk }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3
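Review bot: The new `paths-ignore` entry `'tests/*'` in the first hunk matches only files directly under `tests/`, because `*` in workflow path filters does not cross a `/`. A pull request that changes a nested directory below `tests/` would still run the scan; if the whole tree is meant to be excluded, the entry should be `- 'tests/**'`. The filter also means a pull request touching only ignored paths gets no CodeQL run at all. If this job is configured as a required status check, such a pull request is left with a pending check, which is worth confirming against the branch protection settings. The comment above `paths-ignore` could say this, for example `# PRs that change only these paths are not analysed`.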
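Review bot: The updated `uses:` references in the second hunk (`actions/checkout@v4`, `github/codeql-action/init@v3`, `github/codeql-action/analyze@v3`) are still mutable tags rather than commit SHAs. Pinning each one, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, keeps the code that runs in this job from changing without a reviewed commit. The checkout step could also set `persist-credentials: false` under `with:`, since the following `make` step does not appear to need the token left in the repository's git config. Separately, `submodules: true` no longer fetches nested submodules; if any dependency is vendored that way, its sources would be missing from the build and so from the CodeQL database, which is worth confirming. The `analyse` job starts above this hunk, so whether it declares a `permissions:` block cannot be seen from here.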