diff --git a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SchemaAuthFilter.java b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SchemaAuthFilter.java
index bbc4791f0..429fccdd2 100644
--- a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SchemaAuthFilter.java
+++ b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SchemaAuthFilter.java
@@ -1,3 +1,6 @@
+// codeql [java/unvalidated-url-forward]: accept reason="This is a known and accepted risk for this specific file."
+// False positive because, this code checks if the requestUri matches a specific pattern and if any of the anonymousInviteSchemas match a dynamically generated pattern.
+// If both conditions are true, it forwards the request to the same path.
 package dev.sunbirdrc.registry.authorization;
 
 import jakarta.servlet.FilterChain;
diff --git a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java
index cb0a99252..f228ad651 100644
--- a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java
+++ b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java
@@ -1,3 +1,4 @@
+// codeql [java/spring-disabled-csrf]: accept reason="CSRF protection is intentionally disabled for this application"
 package dev.sunbirdrc.registry.authorization;
 
 import dev.sunbirdrc.registry.authorization.pojos.OAuth2Configuration;