[x] Choose and migrate a few repositories to gitlab.wikimedia.org for testing purposes (these can be MediaWiki extensions, etc)
[x] PHP/front-end JS (https://gitlab.wikimedia.org/security/secteam-boilerplate-fork)
[x] node (https://gitlab.wikimedia.org/security/service-runner-fork-nodejs)
[x] python (https://gitlab.wikimedia.org/security/pywikibot-fork-python-3)
[x] golang (https://gitlab.wikimedia.org/security/blubber)
[x] java (https://gitlab.wikimedia.org/security/extra-fork-java)
[x] Create initial application security pipeline / ci templates repository under the Security Team space (need to choose a name, see also: T289292) (https://gitlab.wikimedia.org/security/gitlab-ci-security-templates)
//...moved some of this to sub-tasks for improved project management...//
[] Finish node/npm initial tool ci templates
[] `njsscan` (Python - requires research for supported Node versions)
[] `semgrep` (Python - requires research for supported Node versions)
[] `snyk` (Node - but likely licensing issues which may not work with our GitLab/CI use-case) (@reedy)
[] Potentially benchmark and write tests for the above (needs research - this might not be feasible)
[] Proceed with developing and testing omnibus, singular ci template for node/npm security tooling (might need two for just SCA and SCA + SAST)
[] Design and document various use-cases and workflows for application security pipeline
[] Manual/scheduled triggers (already exists within GitLab - provide doc, best practices)
[] Merge request workflow trigger (standard ci) (already exists within GitLab - provide doc, best practices)
[] Deployment pipeline tests (needs serious consideration as to what passes/fails and when.)