From 170bd5b0d8652be12f27ffa4f99fda805cb6258b Mon Sep 17 00:00:00 2001 From: a1exmozz <187176404+a1exmozz@users.noreply.github.com> Date: Fri, 10 Oct 2025 12:10:18 +0100 Subject: [PATCH 1/2] Add Best Practices Documentation for Enterprise Copilot Usage (#57870) Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com> From 64f24ee4447f8825d8527cbf14fabdc192fdc843 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 10 Oct 2025 14:31:27 +0100 Subject: [PATCH 2/2] Rust: Update reusables and content for Rust GA. (#57766) Co-authored-by: Paolo Tranquilli Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com> Co-authored-by: Felicity Chapman Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- ...ql-code-scanning-for-compiled-languages.md | 23 +++++++++++++++++-- ...preparing-your-code-for-codeql-analysis.md | 12 +++++++++- .../github-language-support.md | 2 +- data/features/codeql-rust-available.yml | 4 ++++ .../autobuild-add-build-steps.md | 2 +- .../codeql-language-identifiers-table.md | 5 ++++ .../code-scanning/codeql-languages-bullets.md | 3 ++- .../codeql-languages-keywords.md | 2 +- data/reusables/supported-languages/rust.md | 2 +- data/tables/supported-code-languages.yml | 8 +++++++ data/variables/code-scanning.yml | 14 +++++++---- 11 files changed, 65 insertions(+), 12 deletions(-) create mode 100644 data/features/codeql-rust-available.yml diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md index ca2f89baea58..b68fbf049813 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md 
+++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md @@ -49,8 +49,8 @@ You can use dependency caching with {% data variables.product.prodname_codeql %} The {% data variables.product.prodname_codeql %} action supports three different build modes for compiled languages: * `none` - the {% data variables.product.prodname_codeql %} database is created directly from the codebase without building the codebase (supported for all interpreted languages, and additionally supported for {% data variables.code-scanning.no_build_support %}). -* `autobuild` - {% data variables.product.prodname_codeql %} detects the most likely build method and uses this to attempt to build the codebase and create a database for analysis (supported for all compiled languages). -* `manual` - you define the build steps to use for the codebase in the workflow (supported for all compiled languages{% ifversion codeql-rust-public-preview %}, except Rust{% endif %}). +* `autobuild` - {% data variables.product.prodname_codeql %} detects the most likely build method and uses this to attempt to build the codebase and create a database for analysis (supported for {% data variables.code-scanning.autobuild_support %}). +* `manual` - you define the build steps to use for the codebase in the workflow (supported for {% data variables.code-scanning.manual_build_support %}). ### Comparison of the build modes @@ -251,6 +251,9 @@ If you added manual build steps for compiled languages and {% data variables.pro * [Building C#](#building-c) * [Building Go](#building-go) * [Building Java and Kotlin](#building-java-and-kotlin) +{% ifversion codeql-rust-available %} +* [Building Rust](#building-rust) +{% endif %} * [Building Swift](#building-swift) > [!NOTE] 
@@ -494,6 +497,22 @@ You will also need to install the build system (for example `make`, `cmake`, `ba Windows runners require `powershell.exe` to be on the `PATH`. +{% ifversion codeql-rust-available %} + +## Building Rust + +{% data variables.product.prodname_codeql %} supports build mode `none` for Rust code. + +### No build for Rust + +{% data variables.product.prodname_codeql %} uses `rust-analyzer` to compile and run build scripts (`build.rs` files) and compile macro code, but does not invoke a full build. A database is created from all Rust files present. A `Cargo.toml` or `rust-project.json` file must be present. + +### Runner requirements for Rust + +Rust analysis requires `rustup` and `cargo` to be installed. + +{% endif %} + ## Building Swift {% data variables.product.prodname_codeql %} supports build modes `autobuild` or `manual` for Swift code. diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md index 703bbe37413b..3e5310a546a6 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md +++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md 
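Review bot: The new "No build for Rust" paragraph says `rust-analyzer` compiles and runs `build.rs` build scripts, but it never tells the reader that build mode `none` therefore still executes code from the repository, and presumably from its dependencies, on the runner. The build-mode list earlier in this file describes `none` as creating the database "without building the codebase", so a reader may assume no project code runs and enable Rust analysis on untrusted branches with a runner that holds secrets or broad token permissions. I would add a sentence after that paragraph, for example `Because build scripts are run and macro code is compiled during extraction, treat Rust analysis as executing code from the repository and its dependencies, and give the job only the runner access and token permissions you would accept for a build.` The "Runner requirements for Rust" section could also state whether extraction needs network access to fetch dependencies, which the text leaves open.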
@@ -199,7 +199,7 @@ In addition, for {% data variables.code-scanning.no_build_support %}, there is a ### Automatically detecting the build system -The {% data variables.product.prodname_codeql_cli %} includes autobuilders for {% data variables.code-scanning.compiled_languages %} code. {% data variables.product.prodname_codeql %} autobuilders allow you to build projects for compiled languages without specifying any build commands. When an autobuilder is invoked, {% data variables.product.prodname_codeql %} examines the source for evidence of a build system and attempts to run the optimal set of commands required to extract a database. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-autobuild). +The {% data variables.product.prodname_codeql_cli %} includes autobuilders for {% data variables.code-scanning.autobuild_support %} code. {% data variables.product.prodname_codeql %} autobuilders allow you to build projects for compiled languages without specifying any build commands. When an autobuilder is invoked, {% data variables.product.prodname_codeql %} examines the source for evidence of a build system and attempts to run the optimal set of commands required to extract a database. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-autobuild). An autobuilder is invoked automatically when you execute `codeql database create` for a compiled language if you don’t include a `--command` option or set `--build-mode none`. For example, for a Swift codebase, you could simply run: 
@@ -268,6 +268,16 @@ The following examples are designed to give you an idea of some of the build com codeql database create java-database --language=java-kotlin --command='ant -f build.xml' ``` +{% ifversion codeql-rust-available %} + +* Rust project built using Cargo: + + ```shell + codeql database create rust-database --language=rust + ``` + +{% endif %} + * Swift project built from an Xcode project or workspace. By default, the largest Swift target is built: It's a good idea to ensure that the project is in a clean state and that there are no build artifacts available. diff --git a/content/get-started/learning-about-github/github-language-support.md b/content/get-started/learning-about-github/github-language-support.md index 4ab9c7c2b5f5..69603cdd83da 100644 --- a/content/get-started/learning-about-github/github-language-support.md +++ b/content/get-started/learning-about-github/github-language-support.md @@ -55,4 +55,4 @@ Some features are supported for additional languages or package managers. If you > {% ifversion fpt or ghec %}The language support for {% data variables.product.prodname_copilot %} varies depending on the volume and diversity of training data for that language.{% endif %} > The support of Gradle for the dependency graph and {% data variables.product.prodname_dependabot_alerts %} is limited to the upload of data obtained using the {% data variables.dependency-submission-api.name %}. -[^1]: {% ifversion codeql-rust-public-preview %}PHP and Scala {% else %}PHP, Rust, and Scala {% endif %}are supported for code scanning by third-party actions, but not by {% data variables.product.prodname_codeql %}. +[^1]: {% ifversion codeql-rust-available %}PHP and Scala {% elsif codeql-rust-public-preview %}PHP and Scala {% else %}PHP, Rust, and Scala {% endif %}are supported for code scanning by third-party actions, but not by {% data variables.product.prodname_codeql %}. 
diff --git a/data/features/codeql-rust-available.yml b/data/features/codeql-rust-available.yml new file mode 100644 index 000000000000..b7027e4ae643 --- /dev/null +++ b/data/features/codeql-rust-available.yml @@ -0,0 +1,4 @@ +versions: + fpt: '*' + ghec: '*' + ghes: '>=3.20' diff --git a/data/reusables/code-scanning/autobuild-add-build-steps.md b/data/reusables/code-scanning/autobuild-add-build-steps.md index 1304f953a758..e7eb1d4e4880 100644 --- a/data/reusables/code-scanning/autobuild-add-build-steps.md +++ b/data/reusables/code-scanning/autobuild-add-build-steps.md @@ -3,4 +3,4 @@ If `autobuild` fails, or you want to analyze a different set of source files fro * If your workflow specifies a build mode for the language, change the build mode to `manual`. * If your workflow contains an `autobuild` step, remove or comment out the `autobuild` step in the workflow. - Then uncomment the `run` step and manually specify the build process to use. For {% data variables.code-scanning.compiled_languages %}, {% data variables.product.prodname_codeql %} will analyze whatever source code is built by your specified build steps. + Then uncomment the `run` step and manually specify the build process to use. For {% data variables.code-scanning.manual_build_support %}, {% data variables.product.prodname_codeql %} will analyze whatever source code is built by your specified build steps. diff --git a/data/reusables/code-scanning/codeql-language-identifiers-table.md b/data/reusables/code-scanning/codeql-language-identifiers-table.md index 5bfd7f9bf9d8..4b877df80d17 100644 --- a/data/reusables/code-scanning/codeql-language-identifiers-table.md +++ b/data/reusables/code-scanning/codeql-language-identifiers-table.md 
@@ -11,4 +11,9 @@ | JavaScript/TypeScript | `javascript-typescript` | `javascript` or `typescript` | | Python | `python` | | Ruby | `ruby` | +| {% ifversion codeql-rust-available %} | +Rust | `rust` +| {% else ifversion codeql-rust-public-preview %} +| Rust (public preview) | `rust` | +| {% endif %} | Swift | `swift` | diff --git a/data/reusables/code-scanning/codeql-languages-bullets.md b/data/reusables/code-scanning/codeql-languages-bullets.md index 8bea8e4c1396..27c5576f1870 100644 --- a/data/reusables/code-scanning/codeql-languages-bullets.md +++ b/data/reusables/code-scanning/codeql-languages-bullets.md @@ -5,7 +5,8 @@ * Java/Kotlin * JavaScript/TypeScript * Python -* Ruby{% ifversion codeql-rust-public-preview %} +* Ruby{% ifversion codeql-rust-available %} +* Rust{% else ifversion codeql-rust-public-preview %} * Rust (public preview){% endif %} * Swift {% ifversion code-scanning-actions-language %}* {% data variables.product.prodname_actions %} workflows{% endif %} diff --git a/data/reusables/code-scanning/codeql-languages-keywords.md b/data/reusables/code-scanning/codeql-languages-keywords.md index 132601dff0fc..5d3c14d57bb7 100644 --- a/data/reusables/code-scanning/codeql-languages-keywords.md +++ b/data/reusables/code-scanning/codeql-languages-keywords.md @@ -1 +1 @@ -`c-cpp`, `csharp`, `go`, `java-kotlin`, `javascript-typescript`, `python`, `ruby`, and `swift` +`c-cpp`, `csharp`, `go`, `java-kotlin`, `javascript-typescript`, `python`, `ruby`{% ifversion codeql-rust-available %}, `rust`{% endif %} and `swift` diff --git a/data/reusables/supported-languages/rust.md b/data/reusables/supported-languages/rust.md index e05e538c865a..f880c759dd57 100644 --- a/data/reusables/supported-languages/rust.md +++ b/data/reusables/supported-languages/rust.md 
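Review bot: The Rust rows added to the identifiers table use `{% else ifversion codeql-rust-public-preview %}`, while the footnote changed in github-language-support.md in this same patch writes the same condition as `{% elsif codeql-rust-public-preview %}`. If the template engine reads `else ifversion …` as a plain `else`, versions with neither flag set would show "Rust (public preview)", so I would use `{% elsif codeql-rust-public-preview %}` here. The same form appears in codeql-languages-bullets.md, in supported-languages/rust.md (where a second `{% else %}` follows it), and in `compiled_languages` in data/variables/code-scanning.yml. Separately, the added `Rust` row has no leading or trailing pipe, unlike the public-preview row next to it, so the rendered table is worth checking.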
@@ -1 +1 @@ -| Rust {% ifversion fpt or ghec %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% ifversion codeql-rust-public-preview %} {% octicon "check" aria-label="Supported" %}
(Public preview) {% else %}{% octicon "check" aria-label="Supported" %}
third-party [^1] {% endif %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% elsif ghes %} | {% octicon "check" aria-label="Supported" %}
third-party [^1] | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% endif %} +| Rust {% ifversion fpt or ghec %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% ifversion codeql-rust-available %} {% octicon "check" aria-label="Supported" %} {% else ifversion codeql-rust-public-preview %} {% octicon "check" aria-label="Supported" %}
(Public preview) {% else %}{% octicon "check" aria-label="Supported" %}
third-party [^1] {% endif %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% elsif ghes %} | {% octicon "check" aria-label="Supported" %}
third-party [^1] | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Unsupported" %} |{% endif %} diff --git a/data/tables/supported-code-languages.yml b/data/tables/supported-code-languages.yml index fe0c57438509..8d1e252ca939 100644 --- a/data/tables/supported-code-languages.yml +++ b/data/tables/supported-code-languages.yml @@ -119,6 +119,14 @@ languages: depUpdates: 'RubyGems' actions: 'supported' packages: 'RubyGems' + Rust: + copilot: 'supported' + codeNavigation: 'supported' + codeScanning: 'supported' + depGraph: 'supported' + depUpdates: 'supported' + actions: 'supported' + packages: 'not-supported' Scala: copilot: 'supported' codeNavigation: 'not-supported' diff --git a/data/variables/code-scanning.yml b/data/variables/code-scanning.yml index bd33e5fa1d92..a8dcb48b8935 100644 --- a/data/variables/code-scanning.yml +++ b/data/variables/code-scanning.yml 
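Review bot: The new `codeql-rust-available` check in rust.md sits only inside the `{% ifversion fpt or ghec %}` branch, and the `{% elsif ghes %}` branch still renders code scanning as "third-party [^1]". data/features/codeql-rust-available.yml in this patch turns the flag on for `ghes: '>=3.20'`, and the updated footnote no longer names Rust on those versions, so the GHES row would appear to contradict the rest of the Rust GA content. I would repeat the `codeql-rust-available` check inside the GHES branch, or add a comment explaining why GHES stays on third-party. The new `Rust:` entry in supported-code-languages.yml also sets `codeScanning: 'supported'` with no version condition; whether that table is versioned elsewhere is not visible in this patch.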
@@ -7,13 +7,19 @@ codeql_workflow: 'CodeQL analysis workflow' tool_status_page: 'tool status page' # List of compiled languages supported for `no-build` extraction -no_build_support: '{% ifversion codeql-no-build-c-cpp %}C/C++, {% endif %}{% ifversion codeql-no-build-csharp %}C# and{% endif %} Java' +no_build_support: '{% ifversion codeql-no-build-c-cpp %}C/C++, {% endif %}{% ifversion codeql-no-build-csharp %}C#{% ifversion codeql-rust-available %},{% else %} and{% endif %}{% endif %} Java{% ifversion codeql-rust-available %} and Rust{% endif %}' + +# All compiled languages supported for `autobuild` extraction +autobuild_support: 'C/C++, C#, Go, Java, Kotlin, and Swift' + +# All compiled languages supported for `manual` extraction +manual_build_support: 'C/C++, C#, Go, Java, Kotlin, and Swift' # List of compiled languages -compiled_languages: 'C/C++, C#, Go, Java, Kotlin, {% ifversion codeql-rust-public-preview %}Rust (public preview), {% endif %}and Swift' +compiled_languages: 'C/C++, C#, Go, Java, Kotlin, {% ifversion codeql-rust-available %}Rust, {% else ifversion codeql-rust-public-preview %}Rust (public preview), {% endif %}and Swift' # List of languages where the libraries support expansion using CodeQL model packs at the repository level. -codeql_model_packs_support: '{% ifversion fpt or ghec or ghes > 3.14 %} C/C++, C#, Java/Kotlin, Python, and Ruby{% elsif ghes %}C#, Java/Kotlin, and Ruby{% endif %}' +codeql_model_packs_support: 'C/C++, C#, Java/Kotlin, Python, {% ifversion codeql-rust-available %}Ruby, and Rust{% else %}and Ruby{% endif %}' # List of languages that the model editor in the CodeQL extension for VS Code supports codeql_model_editor_support: '{% ifversion fpt or ghec or ghes > 3.14 %} C#, Java/Kotlin, Python, and Ruby{% elsif ghes %}C#, Java/Kotlin, and Ruby{% endif %}' 
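Review bot: The rewritten `codeql_model_packs_support` drops the `{% ifversion fpt or ghec or ghes > 3.14 %} … {% elsif ghes %}` split, so GHES releases that previously rendered "C#, Java/Kotlin, and Ruby" would now list C/C++ and Python as well. `codeql_model_editor_support` on the next line keeps that split, which suggests the older branch is still meant to apply. If those releases are still published, I would keep the condition and add Rust only to the first branch; if they are retired, a comment such as `# GHES <= 3.14 branch removed: no longer published` would show the change is deliberate. Also, `autobuild_support` and `manual_build_support` are introduced with identical values, so a comment noting that Rust is left out on purpose would help the next editor.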
@@ -22,7 +28,7 @@ codeql_model_editor_support: '{% ifversion fpt or ghec or ghes > 3.14 %} C#, Jav code_scanning_threat_model_support: 'Java/Kotlin and C#' # List of languages that Copilot Autofix Agent supports -codeql_autofix_languages: ' C#, C/C++, Go, Java/Kotlin, Swift, JavaScript/TypeScript, Python, and Ruby' +codeql_autofix_languages: 'C#, C/C++, Go, Java/Kotlin, Swift, JavaScript/TypeScript, Python, {% ifversion codeql-rust-available %}Ruby, and Rust{% else %}and Ruby{% endif %}' # List of languages that CodeQL dependency caching supports codeql_dependency_caching_languages: 'Java, Go, and C#'