diff --git a/tools/java-source-utils/src/main/java/com/microsoft/android/JavaSourceUtilsOptions.java b/tools/java-source-utils/src/main/java/com/microsoft/android/JavaSourceUtilsOptions.java
index f110c170d..4cc08b08b 100644
--- a/tools/java-source-utils/src/main/java/com/microsoft/android/JavaSourceUtilsOptions.java
+++ b/tools/java-source-utils/src/main/java/com/microsoft/android/JavaSourceUtilsOptions.java
@@ -167,7 +167,7 @@ private final JavaSourceUtilsOptions parse(Iterator args) throws IOExcep
 final String bootClassPath = getNextOptionValue(args, arg);
 final ArrayList files = new ArrayList();
 for (final String cp : bootClassPath.split(File.pathSeparator)) {
- final File file = new File(cp); // lgtm [java/path-injection-local] java-source-utils.jar is a command-line app, and is useless if it doesn't support command-line args.
+ final File file = new File(cp); // CodeQL [SM00697] java-source-utils.jar is a command-line app, and is useless if it doesn't support command-line args.
 if (!file.exists()) {
 System.err.println(App.APP_NAME + ": warning: invalid file path for option `-bootclasspath`: " + cp);
 continue;
@@ -253,7 +253,7 @@ private final JavaSourceUtilsOptions parse(Iterator args) throws IOExcep
 if (arg.startsWith("@")) {
 // response file?
 final String responseFileName = arg.substring(1);
- final File responseFile = new File(responseFileName); // lgtm [java/path-injection-local] java-source-utils.jar is a command-line app, and is useless if it doesn't support command-line args.
+ final File responseFile = new File(responseFileName); // CodeQL [SM00697] java-source-utils.jar is a command-line app, and is useless if it doesn't support command-line args.
 if (responseFile.exists()) {
 final Iterator lines =
 Files.readAllLines(responseFile.toPath())
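Review bot: The suppression comment on `new File(cp)` in the `-bootclasspath` loop justifies SM00697 only by saying the tool is a command-line app, which does not record the trust assumption that makes the alert acceptable. The same sentence is repeated at `new File(responseFileName)`, `new File(arg)`, `new File(fileName)` in `getNextOptionFile`, `new File(output)` in the `JavadocXmlGenerator` constructor, and `Files.readAllBytes(copyright.toPath())`. I would state the assumption in precise terms, for example `// CodeQL [SM00697] path is supplied by the invoking user and opened with that user's privileges; no trust boundary is crossed.` If the jar is ever launched by a build step that assembles arguments from project files, that assumption stops holding and every one of these suppressions needs a second look. `parse` begins and ends outside this hunk.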
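Review bot: In the response-file branch (`arg.startsWith("@")`), the justification on `new File(responseFileName)` covers the file name, but not what is read from the file. The lines returned by `Files.readAllLines(responseFile.toPath())` are presumably parsed as further arguments (the rest of the branch is outside the hunk), so a path reaching `new File(arg)` in the next hunk can originate from file contents rather than from the command line itself. The comment should say that this is intended, for example `// CodeQL [SM00697] response-file contents are treated as command-line args supplied by the same user.`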
@@ -267,7 +267,7 @@ private final JavaSourceUtilsOptions parse(Iterator args) throws IOExcep
 break;
 }
 }
- final File file = new File(arg); // lgtm [java/path-injection-local] java-source-utils.jar is a command-line app, and is useless if it doesn't support command-line args.
+ final File file = new File(arg); // CodeQL [SM00697] java-source-utils.jar is a command-line app, and is useless if it doesn't support command-line args.
 if (!file.exists()) {
 System.err.println(App.APP_NAME + ": warning: invalid file path for option `FILES`: " + arg);
 break;
@@ -347,7 +347,7 @@ static File getNextOptionFile(final Iterator args, final String option)
 throw new IllegalArgumentException(
 "Expected required value for option `" + option + "`.");
 final String fileName = args.next();
- final File file = new File(fileName); // lgtm [java/path-injection-local] java-source-utils.jar is a command-line app, and is useless if it doesn't support command-line args.
+ final File file = new File(fileName); // CodeQL [SM00697] java-source-utils.jar is a command-line app, and is useless if it doesn't support command-line args.
 if (!file.exists()) {
 System.err.println(App.APP_NAME + ": warning: invalid file path for option `" + option + "`: " + fileName);
 return null;
diff --git a/tools/java-source-utils/src/main/java/com/microsoft/android/JavadocXmlGenerator.java b/tools/java-source-utils/src/main/java/com/microsoft/android/JavadocXmlGenerator.java
index ba1246819..5e380452e 100644
--- a/tools/java-source-utils/src/main/java/com/microsoft/android/JavadocXmlGenerator.java
+++ b/tools/java-source-utils/src/main/java/com/microsoft/android/JavadocXmlGenerator.java
@@ -39,7 +39,7 @@ public JavadocXmlGenerator(final String output) throws FileNotFoundException, Pa
 if (output == null)
 this.output = System.out;
 else {
- final File file = new File(output); // lgtm [java/path-injection-local] java-source-utils.jar is a command-line app, and is useless if it doesn't support command-line args.
+ final File file = new File(output); // CodeQL [SM00697] java-source-utils.jar is a command-line app, and is useless if it doesn't support command-line args.
 final File parent = file.getParentFile();
 if (parent != null) {
 parent.mkdirs();
@@ -86,7 +86,7 @@ public final void writeCopyrightInfo(final File copyright, final String urlPrefi
 final Element blurb = document.createElement("copyright");
 final NodeList contents = readXmlFile(copyright);
 if (contents == null) {
- final byte[] data = Files.readAllBytes(copyright.toPath());
+ final byte[] data = Files.readAllBytes(copyright.toPath()); // CodeQL [SM00697] java-source-utils.jar is a command-line app, and is useless if it doesn't support command-line args.
 blurb.appendChild(document.createCDATASection(new String(data, StandardCharsets.UTF_8)));
 } else {
 final int len = contents.getLength();
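Review bot: The new suppression on `Files.readAllBytes(copyright.toPath())` sits inside the public method `writeCopyrightInfo`, where `copyright` is a `File` parameter, so the claim that it is a command-line argument depends on callers that are not visible in this hunk. The same `copyright` is passed to `readXmlFile(copyright)` two lines earlier, and the hunk does not show whether that read is flagged or suppressed too, or how the XML parser there is configured. I would put the justification where the `File` is built from the option value, or reword it here as `// CodeQL [SM00697] copyright is created from a command-line option by the caller and read with the invoking user's privileges.` The method body continues outside the hunk.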