diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index cb3413317b..3b8884ca2d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,6 +26,8 @@ jobs:
   codeql:
     runs-on: 'ubuntu-latest'
     timeout-minutes: 360
+    env:
+      DISABLE_WARN_OUTSIDE_CONTAINER: '1'
     permissions:
       actions: read
       contents: read
@@ -52,6 +54,16 @@ jobs:
         uses: github/codeql-action/init@v3
         with:
           languages: go
+      # CodeQL 2.16.4's auto-build added support for multi-module repositories,
+      # and is trying to be smart by searching for modules in every directory,
+      # including vendor directories. If no module is found, it's creating one
+      # which is ... not what we want, so let's give it a "go.mod".
+      # see: https://github.com/docker/cli/pull/4944#issuecomment-2002034698
+      -
+        name: Create go.mod
+        run: |
+          ln -s vendor.mod go.mod
+          ln -s vendor.sum go.sum
       -
         name: Autobuild
         uses: github/codeql-action/autobuild@v3