diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index c44d3b2f..db7f99ce 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -23,14 +23,12 @@ jobs:
 steps:
 - name: Checkout repository
 uses: actions/checkout@v3
- with:
- path: vm-manager
 - run: |
 export CC=/usr/bin/clang
 export CXX=/usr/bin/clang++
- mkdir vm-manager/build/
- cd vm-manager/build/
+ mkdir build/
+ cd build/
 cmake -DCMAKE_BUILD_TYPE=Release ..
 cmake --build . --config Release
 cd -
@@ -40,12 +38,36 @@ jobs:
 uses: github/codeql-action/init@v2
 with:
 languages: ${{ matrix.language }}
- #queries: security-extended,security-and-quality
+ queries: security-extended,security-and-quality
 - run: |
- cd vm-manager/build/
+ cd build/
 find src/CMakeFiles/vm-manager.dir/ -iname *.o |xargs rm
 cmake --build . --config Release
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v2
+ with:
+ upload: False
+ output: sarif-results
+
+ - name: Filter SARIF
+ uses: advanced-security/filter-sarif@v1
+ with:
+ patterns: |
+ -build/**:**
+ -src/services/protos/gens/**:**
+ input: sarif-results/cpp.sarif
+ output: sarif-results/cpp-filtered.sarif
+
+ - name: Upload SARIF
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: sarif-results/cpp-filtered.sarif
+
+ - name: artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: sarif-results
+ path: sarif-results
+
diff --git a/src/guest/vm_builder.h b/src/guest/vm_builder.h
index c9c64b92..ba044747 100644
--- a/src/guest/vm_builder.h
+++ b/src/guest/vm_builder.h
@@ -66,6 +66,7 @@ static inline constexpr const char *VmStateToStr(VmBuilder::VmState s) {
 case VmBuilder::kVmPaused: return "Paused";
 case VmBuilder::kVmUnknown: return "Unknown";
 }
+ return "NaN";
 }
diff --git a/src/guest/vm_builder_qemu.cc b/src/guest/vm_builder_qemu.cc
index f6ef6438..ddee3e64 100644
--- a/src/guest/vm_builder_qemu.cc
+++ b/src/guest/vm_builder_qemu.cc
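Review bot: The new `Filter SARIF` step runs `advanced-security/filter-sarif@v1`, a third-party action referenced by a mutable tag, on the analysis results before they are uploaded to code scanning. Whoever controls that tag controls which findings survive the filter, so pin it to a full commit SHA, e.g. `uses: advanced-security/filter-sarif@<full-commit-sha> # v1`; the `@v2`/`@v3` references in this workflow have the same property. The patterns `-build/**:**` and `-src/services/protos/gens/**:**` drop every rule for those paths, and a one-line YAML comment saying what lives there (presumably build output and generated protobuf code) would keep the suppression reviewable. Keeping the unfiltered `sarif-results` directory as an artifact is useful for auditing what the filter removed.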
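Review bot: The fallback `return "NaN";` added after the switch in `VmStateToStr` reads as "not a number" in logs and gives no hint why it was reached. It is only reachable when `s` holds a value outside the enumerators handled in the switch (for instance after a cast from an integer), so a label such as `"Invalid"` and a comment like `// not reached for valid VmState values; keeps control from running off the end` would be clearer. The switch starts outside the hunk, so whether every enumerator is covered cannot be confirmed from here.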
@@ -190,8 +190,8 @@ static bool SetupHugePages(const std::string &mem_size) {
 WriteSysFile(kSys2MNrHugePages, std::to_string(required_hp));
 /* check nr huge pages */
+ int wait_cnt = 0;
 while (nr_hp != required_hp) {
- int wait_cnt = 0;
 nr_hp = ReadSysFile(kSys2MNrHugePages, std::ios_base::dec);
 if (wait_cnt < 200) {
 usleep(10000);
diff --git a/src/guest/vm_process.cc b/src/guest/vm_process.cc
index abcab5b1..35dfe994 100644
--- a/src/guest/vm_process.cc
+++ b/src/guest/vm_process.cc
@@ -132,7 +132,7 @@ bool VmProcSimple::Running(void) {
 }
 VmProcSimple::~VmProcSimple() {
- Stop();
+ VmProcSimple::Stop();
 }
@@ -164,7 +164,7 @@ void VmCoProcRpmb::Stop(void) {
 VmCoProcRpmb::~VmCoProcRpmb() {
- Stop();
+ VmCoProcRpmb::Stop();
 }
 void VmCoProcVtpm::Run(void) {
@@ -186,7 +186,7 @@ void VmCoProcVtpm::Stop(void) {
 }
 VmCoProcVtpm::~VmCoProcVtpm() {
- Stop();
+ VmCoProcVtpm::Stop();
 }
 } // namespace vm_manager
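Review bot: With `wait_cnt` now surviving across iterations in `SetupHugePages`, the literals `200` and `10000` define the whole timeout, and nothing in the code says so. Name them or add a comment next to the declaration, e.g. `/* poll every 10 ms, give up after 200 tries (~2 s) */`, assuming the counter is incremented once per pass (the increment is outside this hunk). The loop body continues past the end of the hunk, so the timeout branch is not visible here; it is worth confirming that it reports failure to the caller rather than letting the VM start with fewer huge pages than `required_hp`.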
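Review bot: The qualified call in `~VmProcSimple()` has no comment explaining why it is qualified, so a later cleanup may turn it back into a plain `Stop()`; add `// qualified on purpose: virtual dispatch does not reach overrides during destruction` above it. The same comment applies to `~VmCoProcRpmb()` and `~VmCoProcVtpm()` in the two hunks that follow. If those two classes derive from `VmProcSimple` (the class declarations are not part of this diff), the base destructor will call `VmProcSimple::Stop()` on an object the derived destructor has already stopped, so each `Stop()` should be safe to call a second time.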