diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4127f8c9cfd2f5cd9c033dd3fd96ecb91f589c1c..d116b3b2bfa69662c129d50fbcc5ba710fe9f1f1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,7 +1,11 @@
 # Copyright (C) ASTRON (Netherlands Institute for Radio Astronomy)
 # SPDX-License-Identifier: Apache-2.0
 
-include: .gitlab-ci.common.yml
+include:
+  - .gitlab-ci.common.yml
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
 
 format:
   stage: linting
@@ -28,6 +32,22 @@ tidy:
     - cmake -DCMAKE_CXX_CLANG_TIDY=clang-tidy -G Ninja ..
     - ninja
 
+sast:
+  variables:
+    SAST_EXCLUDED_ANALYZERS: brakeman, kubesec, nodejs-scan, phpcs-security-audit,
+      pmd-apex, sobelow, spotbugs
+  stage: test
+
+dependency_scanning:
+  # override default before_script, job won't have Python available
+  before_script:
+    - uname
+
+secret_detection:
+  # override default before_script, job won't have Python available
+  before_script:
+    - uname
+
 test:
   stage: test
   needs: ["versioning", "build-docker-ubuntu-22.04"]