Expand Up @@ -285,7 +285,7 @@ If your codebase depends on a library or framework that is not recognized by the

{% data reusables.code-scanning.beta-model-packs %}

{% ifversion codeql-threat-models-java %}
{% ifversion codeql-threat-models %}

### Using {% data variables.product.prodname_codeql %} model packs

Expand Down Expand Up @@ -501,7 +501,7 @@ packs:
{% endraw %}
{% endif %}

{% ifversion codeql-threat-models-java %}
{% ifversion codeql-threat-models %}

### Extending {% data variables.product.prodname_codeql %} coverage with threat models

Expand Up @@ -15,8 +15,8 @@ topics:

After running an initial analysis of your code with default setup, you may need to make changes to your configuration to better meet your code security needs. For existing configurations of default setup, you can edit{% ifversion code-scanning-without-workflow-310 %}:
- Which languages default setup will analyze.
- {% endif %} The query suite run during analysis. For more information on the available query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)."{% ifversion codeql-threat-models-java %}
- The threat models (beta) to use for analysis. Your choice of threat model determines which sources of tainted data are treated as a risk to your application. During the beta, threat models are supported only by Java analysis. For more information about threat models, see "[Including local sources of tainted data in default setup](#including-local-sources-of-tainted-data-in-default-setup)."
- {% endif %} The query suite run during analysis. For more information on the available query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)."{% ifversion codeql-threat-models %}
- The threat models (beta) to use for analysis. Your choice of threat model determines which sources of tainted data are treated as a risk to your application. During the beta, threat models are supported only for analysis of {% data variables.code-scanning.code_scanning_threat_model_support %}. For more information about threat models, see "[Including local sources of tainted data in default setup](#including-local-sources-of-tainted-data-in-default-setup)."
{% endif %}

{% ifversion codeql-model-packs %}
Expand All @@ -37,7 +37,7 @@ If you need to change any other aspects of your {% data variables.product.prodna
1. In the "{% data variables.product.prodname_codeql %} analysis" row of the "{% data variables.product.prodname_code_scanning_caps %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click {% octicon "gear" aria-hidden="true" %} **View {% data variables.product.prodname_codeql %} configuration**.
1. In the "{% data variables.product.prodname_codeql %} default configuration" window, click {% octicon "pencil" aria-hidden="true" %} **Edit**.
1. Optionally, in the "Languages" section, select or deselect languages for analysis.
1. Optionally, in the "Query suite" row of the "Scan settings" section, select a different query suite to run against your code.{% ifversion codeql-threat-models-java %}
1. Optionally, in the "Query suite" row of the "Scan settings" section, select a different query suite to run against your code.{% ifversion codeql-threat-models %}
1. (Beta) Optionally, in the "Threat model" row of the "Scan settings" section, select **Remote and local sources**.
{% endif %}
1. To update your configuration, as well as run an initial analysis of your code with the new configuration, click **Save changes**. All future analyses will use your new configuration.
Expand All @@ -64,7 +64,7 @@ If you need to change any other aspects of your {% data variables.product.prodna
1. Under "{% data variables.product.prodname_code_scanning_caps %}", in the "Protection rules" section, use the drop-down menu to define which alerts should cause a check failure. Choose one level for alerts of type "Security" and one level for all other alerts.{% else %}
1. Under "{% data variables.product.prodname_code_scanning_caps %}", to the right of "Check Failure", use the drop-down menu to select the level of severity you would like to cause a pull request check failure.{% endif %}

{% ifversion codeql-threat-models-java %}
{% ifversion codeql-threat-models %}

## Including local sources of tainted data in default setup

Expand Up @@ -296,13 +296,13 @@ For more information, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advan

For information about creating custom query suites, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites)."

{% ifversion codeql-cli-threat-models-java %}
{% ifversion codeql-cli-threat-models %}

### Including model packs to add potential sources of tainted data

{% data reusables.code-scanning.beta-threat-models-cli %}

You can configure threat models in a {% data variables.product.prodname_code_scanning %} analysis. For more information, see "[Customizing library models for Java and Kotlin](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin)" in the {% data variables.product.prodname_codeql %} documentation.
You can configure threat models in a {% data variables.product.prodname_code_scanning %} analysis. For more information, see "[Threat models for Java and Kotlin](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/#threat-models)" and "[Threat models for C#](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/#threat-models)" in the {% data variables.product.prodname_codeql %} documentation.

```shell
$ codeql database analyze /codeql-dbs/my-company --format=sarif-latest \
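Review bot: the new C# link on the `You can configure threat models` line is rendered for every version covered by `codeql-cli-threat-models`, but the support list in `code_scanning_threat_model_support` (data/variables/code-scanning.yml, later in this diff) only includes C# for `fpt or ghec or ghes > 3.12`, so on older GHES versions the beta note pulled in by `beta-threat-models-cli` two lines above will say Java/Kotlin only while the very next paragraph points readers at the C# threat-models guide. Wrap the C# link in the same `{% ifversion fpt or ghec or ghes > 3.12 %}` guard (or move that gating into the feature file) so the two stay in step. The two `#threat-models` fragments are also worth checking against the live CodeQL docs, since the old link targeted the page without a fragment.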
@@ -1,4 +1,4 @@
# Reference: #12431.
# Reference: #12431 and #13323
# Documentation for CodeQL threat models for CodeQL CLI
versions:
fpt: '*'
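Review bot: the `ifversion` tags elsewhere in this change now reference `codeql-cli-threat-models` instead of `codeql-cli-threat-models-java`, and a feature flag is resolved by the name of its file under data/features, but this extract shows only the edited `# Reference:` comment for that file and no rename header; confirm the file was actually renamed, otherwise the renamed tags would point at a flag that does not exist. The same check applies to the `codeql-threat-models` feature file in the next hunk. Dropping the trailing period on the reference line is fine, just keep the two feature files' comment lines identical in style.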
@@ -1,4 +1,4 @@
# Reference: #12431.
# Reference: #12431 and #13323
# Documentation for CodeQL threat models
versions:
fpt: '*'
4 changes: 2 additions & 2 deletions data/reusables/code-scanning/beta-threat-models-cli.md
@@ -1,8 +1,8 @@
{% ifversion codeql-cli-threat-models-java %}
{% ifversion codeql-cli-threat-models %}

{% note %}

**Note:** Threat models are currently in beta and subject to change. During the beta, threat models are supported only by Java analysis.
**Note:** Threat models are currently in beta and subject to change. During the beta, threat models are supported only by analysis for {% data variables.code-scanning.code_scanning_threat_model_support %}.

{% endnote %}

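Review bot: `supported only by analysis for {% data variables.code-scanning.code_scanning_threat_model_support %}` reads awkwardly once the variable expands (`supported only by analysis for Java/Kotlin and C#`), and it differs from the wording used for the same sentence in the default-setup article earlier in this diff (`supported only for analysis of ...`). Pick one phrasing, preferably `During the beta, threat models are supported only for analysis of {% data variables.code-scanning.code_scanning_threat_model_support %}.`, and use it both here and in beta-threat-models.md below, which carries the identical sentence.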
4 changes: 2 additions & 2 deletions data/reusables/code-scanning/beta-threat-models.md
@@ -1,8 +1,8 @@
{% ifversion codeql-threat-models-java %}
{% ifversion codeql-threat-models %}

{% note %}

**Note:** Threat models are currently in beta and subject to change. During the beta, threat models are supported only by Java analysis.
**Note:** Threat models are currently in beta and subject to change. During the beta, threat models are supported only by analysis for {% data variables.code-scanning.code_scanning_threat_model_support %}.

{% endnote %}

3 changes: 3 additions & 0 deletions data/variables/code-scanning.yml
Expand Up @@ -14,3 +14,6 @@ compiled_languages: 'C/C++, C#, {% ifversion codeql-go-autobuild %} Go,{% endif

# List of languages where the libraries support expansion using CodeQL model packs at the repository level.
codeql_model_packs_support: 'Java/Kotlin and C#'

# List of that allow threat models to be configurable for code scanning
code_scanning_threat_model_support: 'Java/Kotlin{% ifversion fpt or ghec or ghes > 3.12 %} and C#{% endif %}'
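Review bot: the new comment `# List of that allow threat models to be configurable for code scanning` is missing its noun; it should read `# List of languages that allow threat models to be configured for code scanning`, matching the style of the `codeql_model_packs_support` comment above it. More substantively, placing `{% ifversion fpt or ghec or ghes > 3.12 %}` inside the variable value means the version gating for C# now lives in two places, this variable and the `codeql-threat-models` / `codeql-cli-threat-models` feature files, and the two can drift: if the feature files already exclude older GHES releases the inline guard is redundant, and if they do not, readers on those releases get the threat-model UI steps documented alongside Java/Kotlin-only support text. A dedicated feature flag for C# threat-model support would be cleaner than a hard-coded GHES version comparison in a data variable.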