Add content for static analysis tools in Copilot code review (#58514)

sabrowning1 · ria-gopu · hubwriter · web-flow · commit 6fb62450110a · 2025-11-20T19:48:04.000Z
Co-authored-by: Ria Gopu &lt;ria-gopu@github.com&gt;
Co-authored-by: hubwriter &lt;hubwriter@github.com&gt;
Co-authored-by: Siara &lt;108543037+SiaraMist@users.noreply.github.com&gt;
diff --git a/content/copilot/concepts/agents/code-review.md b/content/copilot/concepts/agents/code-review.md
@@ -37,7 +37,7 @@ This article provides an overview of {% data variables.copilot.copilot_code-revi
 {% data variables.copilot.copilot_code-review_short %} has several new tools that are in {% data variables.release-phases.public_preview %} and subject to change.
 
 * **Full project context gathering** to provide more specific, accurate, and contextually aware code reviews.
-* **Support for deterministic detections with {% data variables.product.prodname_codeql %}**, to deliver more high-signal, consistent findings for quality.
+* **Support for static analysis tools like {% data variables.product.prodname_codeql %}, ESLint, and PMD** to deliver more high-signal, consistent findings for security and quality.
 * **The ability to pass suggestions to {% data variables.copilot.copilot_coding_agent %}**, for automated creation of a new pull request against your branch with the suggested fixes applied.
 
 You are not required to have {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_actions %} enabled in your organization or enterprise to use the {% data variables.copilot.copilot_code-review-tools_short %}.
@@ -120,6 +120,15 @@ The triggers for automatic code review depend on the configuration settings:
 
 For details of how to configure {% data variables.product.prodname_copilot_short %} to automatically review new pull requests, see [AUTOTITLE](/copilot/how-tos/agents/copilot-code-review/configuring-automatic-code-review-by-copilot).
 
+## About static analysis tools
+
+You can enable static analysis tools in {% data variables.copilot.copilot_code-review_short %} to enhance its ability to identify and fix issues. Available tools include:
+* **{% data variables.product.prodname_codeql %}**: A code analysis engine that identifies security vulnerabilities. For more information, see [About {% data variables.product.prodname_codeql %}](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql).
+* **ESLint**: A linter designed specifically for JavaScript. For more information, see [Core Concepts](https://eslint.org/docs/latest/use/core-concepts/) in the the ESLint documentation.
+* **PMD**: A static code analyzer that focuses on Java and Apex, but also supports many other languages. For more information, see the [PMD documentation](https://docs.pmd-code.org/latest/).
+
+If you have access to {% data variables.copilot.copilot_code-review-tools_short %}, {% data variables.product.prodname_codeql %} is enabled by default, while ESLint and PMD are disabled. Additionally, if you have access to rulesets, you can change your selected tools. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/request-a-code-review/manage-tools).
+
 ## Getting detailed code quality feedback for your whole repository
 
 {% data variables.copilot.copilot_code-review %} reviews your code in pull requests and provides feedback. If you want to surface actionable feedback on the reliability and maintainability of your whole repository, enable {% data variables.product.prodname_code_quality %}. See [AUTOTITLE](/code-security/code-quality/concepts/about-code-quality).
diff --git a/content/copilot/how-tos/use-copilot-agents/request-a-code-review/index.md b/content/copilot/how-tos/use-copilot-agents/request-a-code-review/index.md
@@ -1,14 +1,15 @@
 ---
 title: Code review
 shortTitle: Request a code review
-intro: 'Learn how to request a code review from {% data variables.product.prodname_copilot %}.'
+intro: 'Learn how you can request and configure reviews from {% data variables.product.prodname_copilot_short %}.'
 versions:
   feature: copilot
 topics:
   - Copilot
 children:
   - /use-code-review
   - /configure-automatic-review
+  - /manage-tools
 redirect_from:
   - /copilot/using-github-copilot/code-review
   - /copilot/how-tos/agents/copilot-code-review
diff --git a/content/copilot/how-tos/use-copilot-agents/request-a-code-review/manage-tools.md b/content/copilot/how-tos/use-copilot-agents/request-a-code-review/manage-tools.md
@@ -0,0 +1,32 @@
+---
+title: Managing static analysis tools in Copilot code review
+shortTitle: Manage tools
+intro: 'Improve your code security and linting configuration with static analysis tools in {% data variables.copilot.copilot_code-review_short %}.'
+versions:
+  feature: copilot
+permissions: Repository administrators and organization owners
+product: 'Rulesets are available in public repositories with {% data variables.product.prodname_free_user %} and {% data variables.product.prodname_free_team %} for organizations, and in public and private repositories with {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, and {% data variables.product.prodname_ghe_cloud %}.'
+topics:
+  - Copilot
+contentType: how-tos
+category:
+  - Author and optimize with Copilot
+---
+
+## Prerequisites
+
+If you get access to {% data variables.product.prodname_copilot_short %} through an organization or enterprise, your organization or enterprise owner needs to enable preview features for {% data variables.copilot.copilot_code-review_short %}. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/manage-policies) and [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-enterprise-policies).
+
+## Managing static analysis tools for your repository
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.repo-rulesets-settings %}
+{% data reusables.copilot.code-review.manage-static-analysis-tools %}
+
+## Configuring static analysis tools for your organization
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.org_settings %}
+{% data reusables.organizations.access-ruleset-settings %}
+{% data reusables.copilot.code-review.manage-static-analysis-tools %}
diff --git a/data/reusables/copilot/code-review/manage-static-analysis-tools.md b/data/reusables/copilot/code-review/manage-static-analysis-tools.md
@@ -0,0 +1,6 @@
+1. Edit or create a ruleset for {% data variables.copilot.copilot_code-review_short %}:
+   * If you have **configured a ruleset for automatic reviews** from {% data variables.copilot.copilot_code-review_short %}, click the name of that ruleset.
+   * If you **do not have an existing ruleset** for {% data variables.copilot.copilot_code-review_short %}, select the **New ruleset** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle" %} dropdown menu, then click **New branch ruleset** and give your ruleset a name.
+1. In the "Rules" section, select **Manage static analysis tools in {% data variables.copilot.copilot_code-review_short %}**.
+1. To update the tools that {% data variables.copilot.copilot_code-review_short %} will use, select the **Select tools** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then select or deselect the available tools.
+1. To apply your selections, at the bottom of the page, click **Create** or **Save changes**.
