github · docs-bot · Apr 1, 2025 · Apr 1, 2025 · Apr 1, 2025 · Apr 1, 2025
diff --git a/.github/actions/install-cocofix/action.yml b/.github/actions/install-cocofix/action.yml
@@ -18,4 +18,4 @@ runs:
         npm install --no-save \
           '--@github:registry=https://npm.pkg.github.com' \
           '--//npm.pkg.github.com/:_authToken=${TOKEN}' \
-          @github/cocofix
+          @github/cocofix codeql-ts
diff --git a/.github/workflows/generate-code-scanning-query-lists.yml b/.github/workflows/generate-code-scanning-query-lists.yml
@@ -87,7 +87,7 @@ jobs:
 
       - name: Build code scanning query list
         run: |
-          for lang in "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "swift"; do
+          for lang in "actions" "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "swift"; do
             echo "Generating code scanning query list for $lang"
             npm run generate-code-scanning-query-list -- \
               --verbose \

diff --git a/...dvanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md b/...dvanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md
@@ -63,10 +63,10 @@ You can customize your {% data variables.product.prodname_codeql %} analysis by
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 {% data reusables.repositories.navigate-to-code-security-and-analysis %}
-1. Scroll down to "{% data variables.product.UI_code_security_scanning %}", select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Advanced**.
+1. Scroll down to "{% data variables.product.UI_code_security_scanning %}", in the "{% data variables.product.prodname_codeql %} analysis" row select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Advanced**.
 
    > [!NOTE]
-   > If you are switching from default setup to advanced setup, in the "{% data variables.product.UI_code_security_scanning %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "workflow" aria-hidden="true" %} Switch to advanced**. In the pop-up window that appears, click **Disable {% data variables.product.prodname_codeql %}**.
+   > If you are switching from default setup to advanced setup, in the "{% data variables.product.prodname_codeql %} analysis" row, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "workflow" aria-hidden="true" %} Switch to advanced**. In the pop-up window that appears, click **Disable {% data variables.product.prodname_codeql %}**.
 
    {% ifversion ghas-products %}
 
@@ -120,6 +120,8 @@ For information on bulk enablement, see [AUTOTITLE](/code-security/code-scanning
 
    ![Screenshot showing a workflow template file open for editing. The "Documentation" button is highlighted with an orange outline.](/assets/images/help/security/actions-workflows-documentation.png)
 
+1. When you have finished defining your configuration, add the new workflow to your default branch.
+
    For more information, see [AUTOTITLE](/actions/learn-github-actions/using-starter-workflows#choosing-and-using-a-starter-workflow) and [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning).
 
 {% endif %}

diff --git a/...your-code-scanning-configuration/editing-your-configuration-of-default-setup.md b/...your-code-scanning-configuration/editing-your-configuration-of-default-setup.md
@@ -33,16 +33,20 @@ If you need to change any other aspects of your {% data variables.product.prodna
 1. In the "{% data variables.product.prodname_codeql %} analysis" row of the "{% data variables.product.UI_code_security_scanning %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "gear" aria-hidden="true" %} View {% data variables.product.prodname_codeql %} configuration**.
 1. In the "{% data variables.product.prodname_codeql %} default configuration" window, click **{% octicon "pencil" aria-hidden="true" %} Edit**.
 1. Optionally, in the "Languages" section, select or deselect languages for analysis.
-1. Optionally, in the "Query suite" row of the "Scan settings" section, select a different query suite to run against your code.{% ifversion codeql-threat-models %}
+1. Optionally, in the "Query suite" row of the "Scan settings" section, select a different query suite to run against your code.
 
 {% ifversion code-scanning-default-setup-customize-labels %}
 
 1. Optionally, to use labeled runners, in the "Runner type" section of the "{% data variables.product.prodname_codeql %} default configuration" modal dialog, select **Standard {% data variables.product.company_short %} runner** {% octicon "triangle-down" aria-hidden="true" %} to open a dropdown menu, then select **Labeled runner**. Then, next to "Runner label", enter the label of an existing self-hosted or {% data variables.product.company_short %}-hosted runner. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#assigning-labels-to-runners).
 
 {% endif %}
 
-1. ({% data variables.release-phases.public_preview_caps %}) Optionally, in the "Threat model" row of the "Scan settings" section, select **Remote and local sources**.
+{% ifversion codeql-threat-models %}
+
+1. ({% data variables.release-phases.public_preview_caps %}) Optionally, in the "Threat model" row of the "Scan settings" section, select **Remote and local sources**. This option is only available for repositories with code in a supported language: {% data variables.code-scanning.code_scanning_threat_model_support %}.
+
 {% endif %}
+
 1. To update your configuration, as well as run an initial analysis of your code with the new configuration, click **Save changes**. All future analyses will use your new configuration.
 
 ## Defining the alert severities that cause a check failure for a pull request

diff --git a/data/features/security-feature-enablement-policies.yml b/data/features/security-feature-enablement-policies.yml
diff --git a/data/features/security-log-oauth-access-tokens.yml b/data/features/security-log-oauth-access-tokens.yml
diff --git a/data/features/security-overview-org-risk-coverage-enterprise.yml b/data/features/security-overview-org-risk-coverage-enterprise.yml
diff --git a/data/features/security-overview-org-risk-coverage.yml b/data/features/security-overview-org-risk-coverage.yml
diff --git a/data/features/security-overview-team-write-access.yml b/data/features/security-overview-team-write-access.yml
diff --git a/data/features/server-statistics.yml b/data/features/server-statistics.yml
diff --git a/data/features/slack-and-team-integrations.yml b/data/features/slack-and-team-integrations.yml
diff --git a/data/features/ssh-cert-policy-allow-u2s-tokens.yml b/data/features/ssh-cert-policy-allow-u2s-tokens.yml
diff --git a/data/features/streaming-datadog.yml b/data/features/streaming-datadog.yml
diff --git a/data/features/syncing-fork-web-ui.yml b/data/features/syncing-fork-web-ui.yml
diff --git a/data/features/target-runner-groups.yml b/data/features/target-runner-groups.yml
diff --git a/data/features/team-discussions-migration.yml b/data/features/team-discussions-migration.yml
diff --git a/data/features/team-mentions-setting.yml b/data/features/team-mentions-setting.yml
diff --git a/data/features/token-audit-log.yml b/data/features/token-audit-log.yml
diff --git a/data/features/totp-and-mobile-sudo-challenge.yml b/data/features/totp-and-mobile-sudo-challenge.yml
diff --git a/data/features/upload-expired-or-revoked-gpg-key.yml b/data/features/upload-expired-or-revoked-gpg-key.yml
diff --git a/data/features/workflow-nav-2022.yml b/data/features/workflow-nav-2022.yml
diff --git a/src/code-scanning/scripts/generate-code-scanning-query-list.ts b/src/code-scanning/scripts/generate-code-scanning-query-list.ts
@@ -55,8 +55,8 @@ import chalk from 'chalk'
 import { program } from 'commander'
 // We don't want to introduce a global dependency on @github/cocofix, so we install it by hand
 // as described above and suppress the import warning.
-import { getSupportedQueries } from '@github/cocofix/dist/querySuites.js' // eslint-disable-line import/no-extraneous-dependencies
-import { type Language } from '@github/cocofix/dist/codeql' // eslint-disable-line import/no-extraneous-dependencies
+import { getSupportedQueries } from '@github/cocofix/dist/querySuites.js' /* eslint-disable-line import/no-extraneous-dependencies, import/no-unresolved */
+import type { Language } from 'codeql-ts'
 
 program
   .description('Generate a reusable Markdown for for a code scanning query language')