Commit c91bda2

Merge pull request #32442 from github/repo-sync
Repo sync
2 parents 4a5f872 + 8e4d423 commit c91bda2

8 files changed

+17
-14
lines changed

content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -285,7 +285,7 @@ If your codebase depends on a library or framework that is not recognized by the
285285

286286
{% data reusables.code-scanning.beta-model-packs %}
287287

288-
{% ifversion codeql-threat-models-java %}
288+
{% ifversion codeql-threat-models %}
289289

290290
### Using {% data variables.product.prodname_codeql %} model packs
291291

@@ -501,7 +501,7 @@ packs:
501501
{% endraw %}
502502
{% endif %}
503503

504-
{% ifversion codeql-threat-models-java %}
504+
{% ifversion codeql-threat-models %}
505505

506506
### Extending {% data variables.product.prodname_codeql %} coverage with threat models
507507

content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md

Lines changed: 4 additions & 4 deletions
@@ -15,8 +15,8 @@ topics:
1515

1616
After running an initial analysis of your code with default setup, you may need to make changes to your configuration to better meet your code security needs. For existing configurations of default setup, you can edit{% ifversion code-scanning-without-workflow-310 %}:
1717
- Which languages default setup will analyze.
18-
- {% endif %} The query suite run during analysis. For more information on the available query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)."{% ifversion codeql-threat-models-java %}
19-
- The threat models (beta) to use for analysis. Your choice of threat model determines which sources of tainted data are treated as a risk to your application. During the beta, threat models are supported only by Java analysis. For more information about threat models, see "[Including local sources of tainted data in default setup](#including-local-sources-of-tainted-data-in-default-setup)."
18+
- {% endif %} The query suite run during analysis. For more information on the available query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)."{% ifversion codeql-threat-models %}
19+
- The threat models (beta) to use for analysis. Your choice of threat model determines which sources of tainted data are treated as a risk to your application. During the beta, threat models are supported only for analysis of {% data variables.code-scanning.code_scanning_threat_model_support %}. For more information about threat models, see "[Including local sources of tainted data in default setup](#including-local-sources-of-tainted-data-in-default-setup)."
2020
{% endif %}
2121

2222
{% ifversion codeql-model-packs %}
@@ -37,7 +37,7 @@ If you need to change any other aspects of your {% data variables.product.prodna
3737
1. In the "{% data variables.product.prodname_codeql %} analysis" row of the "{% data variables.product.prodname_code_scanning_caps %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click {% octicon "gear" aria-hidden="true" %} **View {% data variables.product.prodname_codeql %} configuration**.
3838
1. In the "{% data variables.product.prodname_codeql %} default configuration" window, click {% octicon "pencil" aria-hidden="true" %} **Edit**.
3939
1. Optionally, in the "Languages" section, select or deselect languages for analysis.
40-
1. Optionally, in the "Query suite" row of the "Scan settings" section, select a different query suite to run against your code.{% ifversion codeql-threat-models-java %}
40+
1. Optionally, in the "Query suite" row of the "Scan settings" section, select a different query suite to run against your code.{% ifversion codeql-threat-models %}
4141
1. (Beta) Optionally, in the "Threat model" row of the "Scan settings" section, select **Remote and local sources**.
4242
{% endif %}
4343
1. To update your configuration, as well as run an initial analysis of your code with the new configuration, click **Save changes**. All future analyses will use your new configuration.
@@ -64,7 +64,7 @@ If you need to change any other aspects of your {% data variables.product.prodna
6464
1. Under "{% data variables.product.prodname_code_scanning_caps %}", in the "Protection rules" section, use the drop-down menu to define which alerts should cause a check failure. Choose one level for alerts of type "Security" and one level for all other alerts.{% else %}
6565
1. Under "{% data variables.product.prodname_code_scanning_caps %}", to the right of "Check Failure", use the drop-down menu to select the level of severity you would like to cause a pull request check failure.{% endif %}
6666

67-
{% ifversion codeql-threat-models-java %}
67+
{% ifversion codeql-threat-models %}
6868

6969
## Including local sources of tainted data in default setup
7070

content/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries.md

Lines changed: 2 additions & 2 deletions
@@ -296,13 +296,13 @@ For more information, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advan
296296

297297
For information about creating custom query suites, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites)."
298298

299-
{% ifversion codeql-cli-threat-models-java %}
299+
{% ifversion codeql-cli-threat-models %}
300300

301301
### Including model packs to add potential sources of tainted data
302302

303303
{% data reusables.code-scanning.beta-threat-models-cli %}
304304

305-
You can configure threat models in a {% data variables.product.prodname_code_scanning %} analysis. For more information, see "[Customizing library models for Java and Kotlin](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin)" in the {% data variables.product.prodname_codeql %} documentation.
305+
You can configure threat models in a {% data variables.product.prodname_code_scanning %} analysis. For more information, see "[Threat models for Java and Kotlin](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/#threat-models)" and "[Threat models for C#](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/#threat-models)" in the {% data variables.product.prodname_codeql %} documentation.
306306

307307
```shell
308308
$ codeql database analyze /codeql-dbs/my-company --format=sarif-latest \
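Review bot: Line 305 now depends on two fragment anchors (`#threat-models` on both CodeQL language-guide pages) where the old link pointed at a page top; confirm both anchors exist with the docs link checker before merge, since a heading rename upstream would turn these into silent dead links. The section heading at line 301 ("Including model packs to add potential sources of tainted data") and the `codeql database analyze` example at line 308 are unchanged and may still read as Java-only now that the paragraph covers C#; worth a quick check that the example flags and wording below this hunk apply to both languages.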

data/features/codeql-cli-threat-models-java.yml renamed to data/features/codeql-cli-threat-models.yml

Lines changed: 1 addition & 1 deletion
@@ -1,4 +1,4 @@
1-
# Reference: #12431.
1+
# Reference: #12431 and #13323
22
# Documentation for CodeQL threat models for CodeQL CLI
33
versions:
44
fpt: '*'
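Review bot: Renaming this file from `codeql-cli-threat-models-java.yml` to `codeql-cli-threat-models.yml` changes the feature name every `{% ifversion %}` tag must use, so any reference to the old name outside the eight files in this PR would stop resolving; a repo-wide check such as `grep -rn "threat-models-java" content data` before merge confirms nothing was missed. Only `fpt: '*'` is visible in the `versions:` block here; since C# support is gated separately on `ghes > 3.12` in `data/variables/code-scanning.yml` (line 19 of that file in this diff), make sure the version ranges in this feature file are consistent with that condition.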

data/features/codeql-threat-models-java.yml renamed to data/features/codeql-threat-models.yml

Lines changed: 1 addition & 1 deletion
@@ -1,4 +1,4 @@
1-
# Reference: #12431.
1+
# Reference: #12431 and #13323
22
# Documentation for CodeQL threat models
33
versions:
44
fpt: '*'

data/reusables/code-scanning/beta-threat-models-cli.md

Lines changed: 2 additions & 2 deletions
@@ -1,8 +1,8 @@
1-
{% ifversion codeql-cli-threat-models-java %}
1+
{% ifversion codeql-cli-threat-models %}
22

33
{% note %}
44

5-
**Note:** Threat models are currently in beta and subject to change. During the beta, threat models are supported only by Java analysis.
5+
**Note:** Threat models are currently in beta and subject to change. During the beta, threat models are supported only by analysis for {% data variables.code-scanning.code_scanning_threat_model_support %}.
66

77
{% endnote %}
88
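Review bot: The new wording on line 5, "supported only by analysis for {% data variables.code-scanning.code_scanning_threat_model_support %}", reads awkwardly once the variable expands ("by analysis for Java/Kotlin and C#") and differs from the phrasing introduced in `editing-your-configuration-of-default-setup.md` in this same PR ("supported only for analysis of ..."). Suggest aligning both reusables to: `During the beta, threat models are supported only for analysis of {% data variables.code-scanning.code_scanning_threat_model_support %}.` The identical sentence in `data/reusables/code-scanning/beta-threat-models.md` should change in step.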

data/reusables/code-scanning/beta-threat-models.md

Lines changed: 2 additions & 2 deletions
@@ -1,8 +1,8 @@
1-
{% ifversion codeql-threat-models-java %}
1+
{% ifversion codeql-threat-models %}
22

33
{% note %}
44

5-
**Note:** Threat models are currently in beta and subject to change. During the beta, threat models are supported only by Java analysis.
5+
**Note:** Threat models are currently in beta and subject to change. During the beta, threat models are supported only by analysis for {% data variables.code-scanning.code_scanning_threat_model_support %}.
66

77
{% endnote %}
88

data/variables/code-scanning.yml

Lines changed: 3 additions & 0 deletions
@@ -14,3 +14,6 @@ compiled_languages: 'C/C++, C#, {% ifversion codeql-go-autobuild %} Go,{% endif
1414

1515
# List of languages where the libraries support expansion using CodeQL model packs at the repository level.
1616
codeql_model_packs_support: 'Java/Kotlin and C#'
17+
18+
# List of that allow threat models to be configurable for code scanning
19+
code_scanning_threat_model_support: 'Java/Kotlin{% ifversion fpt or ghec or ghes > 3.12 %} and C#{% endif %}'
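Review bot: The comment on line 18 is missing a word ("List of that allow ..."); suggest `# List of languages that allow threat models to be configurable for code scanning`, matching the form of the comment on line 15. On line 19, embedding `{% ifversion fpt or ghec or ghes > 3.12 %}` inside the variable value means the C# clause is version-gated independently of the `codeql-threat-models` feature that wraps every usage of this variable; that works, but the two conditions are now maintained in different places, so a note here pointing at `data/features/codeql-threat-models.yml` would help the next person who bumps the GHES version.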
