Given how GitLab seems to handle the merging of various `rules:` and `only:` directives within `.gitlab-ci.yml` files (see frustrations from [[ https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/28 | MR28 ]] and [[ https://gitlab.wikimedia.org/repos/security/wikimedia-code-health-check/-/merge_requests/29 | MR29 ]]), we should provide a default `rules: - when: always` directive within each AppSec pipeline include. It is also critical to (re)define the `stages: - test` directive, apparently, but this should be done within the //calling// `.gitlab-ci.yml` files IMO.
[] generic-osv (staged in [[ https://gitlab.wikimedia.org/repos/security/gitlab-ci-security-templates/-/merge_requests/28 | MR28 ]])
[] golang-go-mod-outdated (staged in [[ https://gitlab.wikimedia.org/repos/security/gitlab-ci-security-templates/-/merge_requests/28 | MR28 ]])
[] golang-gosec (staged in [[ https://gitlab.wikimedia.org/repos/security/gitlab-ci-security-templates/-/merge_requests/28 | MR28 ]])
[] npm-outdated (staged in [[ https://gitlab.wikimedia.org/repos/security/gitlab-ci-security-templates/-/merge_requests/28 | MR28 ]])
[] php-composer-outdated (staged in [[ https://gitlab.wikimedia.org/repos/security/gitlab-ci-security-templates/-/merge_requests/28 | MR28 ]])
[] php-phan-taint-check (staged in [[ https://gitlab.wikimedia.org/repos/security/gitlab-ci-security-templates/-/merge_requests/28 | MR28 ]])
[] php-security-checker (staged in [[ https://gitlab.wikimedia.org/repos/security/gitlab-ci-security-templates/-/merge_requests/28 | MR28 ]])
[x] python-bandit (done in [[ https://gitlab.wikimedia.org/repos/security/gitlab-ci-security-templates/-/commit/010e8604bf39fb239a2aee9a6f1f41432e1cd4ab | 010e8604 ]])
[] semgrep (staged in [[ https://gitlab.wikimedia.org/repos/security/gitlab-ci-security-templates/-/merge_requests/28 | MR28 ]])
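
The layout described above, written out as YAML. This is an added example, not taken from the templates repository: the template file name, job name, image and script are hypothetical, and only the `rules:` and `stages:` keys and the project path come from this task.

```yaml
# Template include (hypothetical file example-scan.yml in the templates repo).
# The job carries its own default rule, so whether it runs does not depend on
# the rules:/only: settings the calling pipeline uses for its other jobs.
example-appsec-scan:              # hypothetical job name
  stage: test
  image: python:3-slim            # assumed image
  script:
    - pip install bandit
    - bandit -r .
  rules:
    - when: always

---
# Calling project's .gitlab-ci.yml.
# The stage used by the included job is declared here, not in the template.
stages:
  - test

include:
  - project: 'repos/security/gitlab-ci-security-templates'
    file: 'example-scan.yml'      # hypothetical path
```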