ci: Add SAST testing to CI checks

Alaa Jubakhanji · daniel-jones-dev · commit 6c77cc409d75 · 2025-04-02T14:48:50.000+02:00
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -6,6 +6,7 @@ include:
     - project: 'deepl/ops/ci-cd-infrastructure/gitlab-ci-lib'
       file:
           - '/templates/.secret-detection.yml'
+    - template: Security/SAST.gitlab-ci.yml
 
 # Global --------------------------
 
@@ -35,6 +36,9 @@ stages:
 before_script:
     - npm install
 
+variables:
+    GITLAB_ADVANCED_SAST_ENABLED: 'true'
+
 # stage: check ----------------------
 
 .eslint_base:
@@ -99,6 +103,26 @@ secret_detection:
     rules:
         - if: $CI_MERGE_REQUEST_ID
 
+gitlab-advanced-sast:
+    stage: check
+    rules:
+        - when: always
+    before_script:
+        - ''
+    variables:
+        SAST_EXCLUDED_PATHS: '$DEFAULT_SAST_EXCLUDED_PATHS'
+        GIT_STRATEGY: clone
+
+semgrep-sast:
+    stage: check
+    rules:
+        - when: always
+    before_script:
+        - ''
+    variables:
+        SAST_EXCLUDED_PATHS: '$DEFAULT_SAST_EXCLUDED_PATHS'
+        GIT_STRATEGY: clone
+
 # stage: build ----------------------
 
 build:
