diff --git a/eng/ci/official-build.yml b/eng/ci/official-build.yml
index cdf7175e..ad332eb2 100644
--- a/eng/ci/official-build.yml
+++ b/eng/ci/official-build.yml
@@ -30,6 +30,8 @@ resources:
 variables:
   - template: /eng/templates/utils/variables.yml@self
   - template: /eng/templates/utils/official-variables.yml@self
+  - name: codeql.excludePathPatterns
+    value: deps/,build/
 
 extends:
   template: v1/1ES.Official.PipelineTemplate.yml@1es
@@ -39,9 +41,6 @@ extends:
       image: 1es-windows-2022
       os: windows
     sdl:
-      codeql:
-        # Exclude dependencies from CodeQL analysis
-        excludePathPatterns: '/deps,/build'
       codeSignValidation:
         enabled: true
         break: true
diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml
index 9806a86b..a9854e7f 100644
--- a/eng/ci/public-build.yml
+++ b/eng/ci/public-build.yml
@@ -28,6 +28,12 @@ resources:
 
 variables:
   - template: /eng/templates/utils/variables.yml@self
+  - name: codeql.excludePathPatterns
+    value: deps/,build/
+  - name: codeql.compiled.enabled
+    value: true
+  - name: codeql.runSourceLanguagesInSourceAnalysis
+    value: true
 
 extends:
   template: v1/1ES.Unofficial.PipelineTemplate.yml@1es
@@ -36,13 +42,6 @@ extends:
       name: 1es-pool-azfunc-public
       image: 1es-windows-2022
       os: windows
-    sdl:
-      codeql:
-         compiled:
-           enabled: true # still only runs for default branch
-         runSourceLanguagesInSourceAnalysis: true
-         # Exclude dependencies from CodeQL analysis
-         excludePathPatterns: '/deps,/build'
     settings:
       skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }}
     stages: