diff --git a/python-setup/auto_install_packages.py b/python-setup/auto_install_packages.py
index 0e3a5fa1f..0e922ed59 100755
--- a/python-setup/auto_install_packages.py
+++ b/python-setup/auto_install_packages.py
@@ -33,10 +33,16 @@ def _check_output(command, extra_env={}):
 def install_packages_with_poetry():
- # To handle poetry 1.2, which started to use keyring interaction MUCH more, we need
- # add a workaround. See
- # https://github.com/python-poetry/poetry/issues/2692#issuecomment-1235683370
- extra_poetry_env = {"PYTHON_KEYRING_BACKEND": "keyring.backends.null.Keyring"}
+ extra_poetry_env = {
+ # To handle poetry 1.2, which started to use keyring interaction MUCH more, we need
+ # add a workaround. See
+ # https://github.com/python-poetry/poetry/issues/2692#issuecomment-1235683370
+ "PYTHON_KEYRING_BACKEND": "keyring.backends.null.Keyring",
+ # Projects that specify `in-project = true` in their poetry.toml would get the
+ # venv created inside the repo directory, which would cause CodeQL to consider
+ # it as user-written code. We don't want this to happen.
+ "POETRY_VIRTUALENVS_IN_PROJECT": "False",
+ }
 command = [sys.executable, '-m', 'poetry']
 if sys.platform.startswith('win32'):
diff --git a/python-setup/tests/poetry/requests-3/poetry.toml b/python-setup/tests/poetry/requests-3/poetry.toml
new file mode 100644
index 000000000..ab1033bd3
--- /dev/null
+++ b/python-setup/tests/poetry/requests-3/poetry.toml
@@ -0,0 +1,2 @@
+[virtualenvs]
+in-project = true
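Review bot: The new `"POETRY_VIRTUALENVS_IN_PROJECT": "False"` entry only achieves its goal if `_check_output` lays `extra_env` over the inherited environment; if a runner-level `POETRY_VIRTUALENVS_IN_PROJECT=true` wins instead, the venv still lands in the checkout and its third-party sources get analysed as user-written code, so the comment should state which side takes precedence (the merge happens in `_check_output`, whose body is outside this hunk). As far as I recall, Poetry also distinguishes an unset `virtualenvs.in-project` from an explicit false — an existing `.venv` in the project is reused when the setting is merely absent — which is the real reason the value has to be spelled out here, and that is worth recording: `# Must be an explicit "False": when the setting is unset, Poetry reuses an existing .venv in the checkout.` The `extra_env={}` mutable default visible in the hunk header is pre-existing and untouched by this change; `install_packages_with_poetry` continues past the end of the hunk.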