diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index fd45bbf643fd4a6f500fb651e5a21f16e9f1cf4c..1650b82a9abe25cb4a8175edb57a6f2af33d887d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -19,6 +19,11 @@ default:
     - cookiecutter --no-input --overwrite-if-exists --output-dir . .
     - cd my_awesome_app
 
+# Override semgrep-sast before script
+sast:
+  before_script:
+    - python --version # For debugging
+
 # Override unit test before script
 .run_unit_test_version_base:
   before_script:
diff --git a/{{cookiecutter.project_slug}}/.gitlab-ci.yml b/{{cookiecutter.project_slug}}/.gitlab-ci.yml
index 1498ae3a1c7fddd5566cef273240ac4cf276cb96..1fb825d923a6c5cede19408f558635e98c467937 100644
--- a/{{cookiecutter.project_slug}}/.gitlab-ci.yml
+++ b/{{cookiecutter.project_slug}}/.gitlab-ci.yml
@@ -20,6 +20,12 @@ variables:
   PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
 
 
+include:
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
+
+
 # Prepare image to run ci on
 trigger_prepare:
   stage: prepare
@@ -45,6 +51,22 @@ run_pylint:
     - tox -e pylint
   allow_failure: true
 
+sast:
+  variables:
+    SAST_EXCLUDED_ANALYZERS: brakeman, kubesec, nodejs-scan, phpcs-security-audit,
+      pmd-apex, sobelow, spotbugs
+  stage: test
+
+dependency_scanning:
+  # override default before_script, job won't have Python available
+  before_script:
+    - uname
+
+secret_detection:
+  # override default before_script, job won't have Python available
+  before_script:
+    - uname
+
 # Basic setup for all Python versions for which we don't have a base image
 .run_unit_test_version_base:
   before_script: