diff --git a/content/copilot/tutorials/spark/deploy-from-cli.md b/content/copilot/tutorials/spark/deploy-from-cli.md
new file mode 100644
index 000000000000..b164bc8b22a3
--- /dev/null
+++ b/content/copilot/tutorials/spark/deploy-from-cli.md
@@ -0,0 +1,71 @@
+---
+title: Deploy your Spark app from the command line
+shortTitle: Deploy from CLI
+intro: 'Learn how to deploy your {% data variables.product.prodname_spark_short %} app from the command line.'
+allowTitleToDifferFromFilename: true
+topics:
+  - Copilot
+  - CLI
+versions:
+  feature: spark
+product: '{% data variables.copilot.copilot_pro_plus_short %}, {% data variables.copilot.copilot_enterprise_short %}'
+contentType: tutorials
+---
+
+## Introduction
+
+If you’re developing your spark further in a {% data variables.product.github %} codespace, you can deploy it directly from the command line using the {% data variables.product.prodname_spark_short %} CLI, an extension of the {% data variables.product.prodname_cli %}.
+
+### Prerequisites
+
+* **Access to {% data variables.product.prodname_copilot %}**. You need a {% data variables.copilot.copilot_pro_plus_short %} or {% data variables.copilot.copilot_enterprise_short %} license to use {% data variables.product.prodname_spark_short %}. See [AUTOTITLE](/copilot/about-github-copilot/what-is-github-copilot#getting-access-to-copilot).
+* You must have **built a {% data variables.product.prodname_spark_short %} app** (a "spark"). To start building, navigate to [{% data variables.product.prodname_spark_short %}](https://github.com/spark).
+* You have **created a repository** for your spark on {% data variables.product.github %}. For instructions, see [AUTOTITLE](/copilot/tutorials/spark/build-apps-with-spark#step-8-invite-collaborators-with-a-repository).
+
+## Open your spark in a codespace
+
+The {% data variables.product.prodname_spark_short %} CLI currently only works within a {% data variables.product.github %} codespace.
+
+1. Navigate to the main page of your spark's repository on {% data variables.product.github %}.
+1. Click the **{% octicon "code" aria-hidden="true" aria-label="code" %} Code** button, then click the **Codespaces** tab.
+1. Click **{% octicon "plus" aria-label="Create a codespace on main" %}** to create a codespace. The codespace opens in a new browser tab.
+
+## Install the {% data variables.product.prodname_spark_short %} CLI
+
+1. In the terminal in your codespace, run the following command to install the {% data variables.product.prodname_spark_short %} CLI:
+
+   ```bash copy
+   gh extensions install github/gh-runtime-cli
+   ```
+
+1. Once the installation is complete, to verify that the {% data variables.product.prodname_spark_short %} CLI is installed, run:
+
+   ```bash copy
+   gh runtime-cli version
+   ```
+
+## Build your spark
+
+1. In the terminal in your codespace, run the following command to install the latest version of the {% data variables.product.prodname_spark_short %} SDK:
+
+   ```bash copy
+   npm install @github/spark@latest
+   ```
+
+1. Next, run the following command to compile your {% data variables.product.prodname_spark_short %} app.
+
+   ```bash copy
+   npm run build
+   ```
+
+## Deploy your spark
+
+1. To deploy your {% data variables.product.prodname_spark_short %} app, run:
+
+   ```bash copy
+   gh runtime-cli deploy --dir ./dist
+   ```
+
+## Troubleshooting
+
+If you're being asked to supply the `--app` parameter when deploying your spark, update to the latest version of the {% data variables.product.prodname_spark_short %} SDK by following step 1 in [Build your spark](#build-your-spark).
diff --git a/content/copilot/tutorials/spark/index.md b/content/copilot/tutorials/spark/index.md
index c93cae7a7c7a..fa19b44bd58b 100644
--- a/content/copilot/tutorials/spark/index.md
+++ b/content/copilot/tutorials/spark/index.md
@@ -10,5 +10,6 @@ children:
   - /your-first-spark
   - /prompt-tips
   - /build-apps-with-spark
+  - /deploy-from-cli
 contentType: tutorials
 ---
\ No newline at end of file
diff --git a/data/reusables/code-scanning/codeql-query-tables/java.md b/data/reusables/code-scanning/codeql-query-tables/java.md
index 1f4f6aef33f5..3eeeabd4e9a8 100644
--- a/data/reusables/code-scanning/codeql-query-tables/java.md
+++ b/data/reusables/code-scanning/codeql-query-tables/java.md
@@ -48,6 +48,7 @@
 | [Reading from a world writable file](https://codeql.github.com/codeql-query-help/java/java-world-writable-file-read/) | 732 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Regular expression injection](https://codeql.github.com/codeql-query-help/java/java-regex-injection/) | 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
 | [Resolving XML external entity in user-controlled data](https://codeql.github.com/codeql-query-help/java/java-xxe/) | 611, 776, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Sensitive cookies without the HttpOnly response header set](https://codeql.github.com/codeql-query-help/java/java-sensitive-cookie-not-httponly/) | 1004 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
 | [Server-side request forgery](https://codeql.github.com/codeql-query-help/java/java-ssrf/) | 918 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Server-side template injection](https://codeql.github.com/codeql-query-help/java/java-server-side-template-injection/) | 1336, 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Uncontrolled command line](https://codeql.github.com/codeql-query-help/java/java-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
diff --git a/data/reusables/code-scanning/codeql-query-tables/python.md b/data/reusables/code-scanning/codeql-query-tables/python.md
index a30de7580a53..38e14e2a23b9 100644
--- a/data/reusables/code-scanning/codeql-query-tables/python.md
+++ b/data/reusables/code-scanning/codeql-query-tables/python.md
@@ -13,7 +13,7 @@
 | [CSRF protection weakened or disabled](https://codeql.github.com/codeql-query-help/python/py-csrf-protection-disabled/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Default version of SSL/TLS may be insecure](https://codeql.github.com/codeql-query-help/python/py-insecure-default-protocol/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Deserialization of user-controlled data](https://codeql.github.com/codeql-query-help/python/py-unsafe-deserialization/) | 502 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Failure to use secure cookies](https://codeql.github.com/codeql-query-help/python/py-insecure-cookie/) | 614, 1004, 1275 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Failure to use secure cookies](https://codeql.github.com/codeql-query-help/python/py-insecure-cookie/) | 614 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Flask app is run in debug mode](https://codeql.github.com/codeql-query-help/python/py-flask-debug/) | 215, 489 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Full server-side request forgery](https://codeql.github.com/codeql-query-help/python/py-full-ssrf/) | 918 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [HTTP Response Splitting](https://codeql.github.com/codeql-query-help/python/py-http-response-splitting/) | 113, 079 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -29,6 +29,8 @@
 | [Polynomial regular expression used on uncontrolled data](https://codeql.github.com/codeql-query-help/python/py-polynomial-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
 | [Reflected server-side cross-site scripting](https://codeql.github.com/codeql-query-help/python/py-reflective-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Regular expression injection](https://codeql.github.com/codeql-query-help/python/py-regex-injection/) | 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Sensitive cookie missing `HttpOnly` attribute](https://codeql.github.com/codeql-query-help/python/py-client-exposed-cookie/) | 1004 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Sensitive cookie with `SameSite` attribute set to `None`](https://codeql.github.com/codeql-query-help/python/py-samesite-none-cookie/) | 1275 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
 | [Server Side Template Injection](https://codeql.github.com/codeql-query-help/python/py-template-injection/) | 074 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [SQL query built from user-controlled sources](https://codeql.github.com/codeql-query-help/python/py-sql-injection/) | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Uncontrolled command line](https://codeql.github.com/codeql-query-help/python/py-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
diff --git a/data/reusables/code-scanning/codeql-query-tables/rust.md b/data/reusables/code-scanning/codeql-query-tables/rust.md
index d57334d27f41..f18c7c47b8f5 100644
--- a/data/reusables/code-scanning/codeql-query-tables/rust.md
+++ b/data/reusables/code-scanning/codeql-query-tables/rust.md
@@ -2,8 +2,8 @@
 
 | Query name | Related CWEs | Default | Extended | {% data variables.copilot.copilot_autofix_short %} |
 | --- | --- | --- | --- | --- |
-| [Access of invalid pointer](https://codeql.github.com/codeql-query-help/rust/rust-access-invalid-pointer/) | 476, 825 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
 | ['Secure' attribute is not set to true](https://codeql.github.com/codeql-query-help/rust/rust-insecure-cookie/) | 319, 614 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
+| [Access of invalid pointer](https://codeql.github.com/codeql-query-help/rust/rust-access-invalid-pointer/) | 476, 825 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
 | [Cleartext logging of sensitive information](https://codeql.github.com/codeql-query-help/rust/rust-cleartext-logging/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
 | [Cleartext storage of sensitive information in a database](https://codeql.github.com/codeql-query-help/rust/rust-cleartext-storage-database/) | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
 | [Cleartext transmission of sensitive information](https://codeql.github.com/codeql-query-help/rust/rust-cleartext-transmission/) | 319 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |