Given how Gitlab seems to handle the merging of various rules: and only: directives within .gitlab-ci.yml files (see frustrations from MR28 and MR29), we should provide a default rules: - when: always directive within each AppSec pipeline include. It is also critical to (re)define the stages: - test directive, apparently, but this should be done within the calling .gitlab-ci.yml files IMO.
- generic-osv (merged in MR28)
- golang-go-mod-outdated (merged in MR28)
- golang-gosec (merged in MR28)
- npm-outdated (merged in MR28)
- php-composer-outdated (merged in MR28)
- php-phan-taint-check (merged in MR28)
- php-security-checker (merged in MR28)
- python-bandit (done in 010e8604)
- semgrep (merged in MR28)