Comment about a bug of codeQL

Where should I report this?

utils/transicc/transicc.c

@@ -641,7 +641,9 @@ void GetLine(char* Buffer, const char* frm, ...)
             vfprintf(stderr, frm, args);
 
         res = scanf("%4095s", Buffer);
-
+        // An amazing bug of codeQL here. It reports: 
+        // 'The result of scanf is only checked against 0, but it can also return EOF."
+        // Not only is not compared against zero, it happens that C99 requires EOF to be negative!
         if (res < 0 || toupper(Buffer[0]) == 'Q') { // Quit?
 
             CloseTransforms();