Enable various forms of scanning

.gitlab-ci.yml

@@ -12,6 +12,9 @@ workflow:
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
     - if: $CI_COMMIT_TAG
     - if: ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH)
+include:
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
 
 stages:
   - prepare
@@ -328,6 +331,16 @@ shellcheck:
     - shellcheck --version
     - shellcheck **/*.sh
 
+sast:
+  variables:
+    SAST_EXCLUDED_PATHS: "*.tox"
+    SAST_EXCLUDED_ANALYZERS: brakeman, flawfinder, kubesec, nodejs-scan, phpcs-security-audit,
+      pmd-apex, security-code-scan, sobelow, spotbugs
+  stage: static-analysis
+
+gemnasium-dependency_scanning:
+  stage: static-analysis
+
 sphinx_documentation:
   stage: documentation
   script: