diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7dc3bb3d3a..999cf7fcd0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -154,11 +154,11 @@ variables:
   # https://docs.gitlab.com/user/application_security/sast/#vulnerability-filters
   # https://stackoverflow.com/a/71111784
   SAST_EXCLUDED_PATHS: 'spec,test,test-d,test-federation,test-server,tests,tmp,cypress,coverage,node_modules,build,built,built-js,*.min.js,megalodon/lib,libopenmpt'
-  DS_EXCLUDED_PATHS: 'spec,test,test-d,test-federation,test-server,tests,tmp,cypress,coverage,node_modules,build,built,built-js,*.min.js,megalodon/lib,libopenmpt'
+  DS_EXCLUDED_PATHS: 'spec,test,test-d,test-federation,test-server,tests,tmp,cypress,coverage,node_modules,build,built,built-js,*.min.js,megalodon/lib,libopenmpt,packages/*/src' # save time: skip source directories
 
   # https://docs.gitlab.com/user/application_security/dependency_scanning/migration_guide_to_sbom_based_scans/
   DS_ENFORCE_NEW_ANALYZER: 'true'
-  DS_MAX_DEPTH: 8
+  DS_MAX_DEPTH: -1
   # https://docs.gitlab.com/user/application_security/dependency_scanning/static_reachability/
   DS_STATIC_REACHABILITY_ENABLED: true
 
@@ -182,4 +182,4 @@ libbehave-experiment:
   # https://gitlab.com/gitlab-org/security-products/demos/experiments/libbehave/npm-demo/-/blob/add_dependencies/.gitlab-ci.yml?ref_type=heads#L6
   # https://stackoverflow.com/a/70360201
   rules:
-    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
\ No newline at end of file
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'