From 0e94e97004ea10e211c705f5c531e2344f7c7af4 Mon Sep 17 00:00:00 2001 From: Melissa Beldman Date: Tue, 3 Jun 2025 20:23:29 +0000 Subject: [PATCH] Update file sast.yml --- templates/sast.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/templates/sast.yml b/templates/sast.yml index 9d0c593..1ce1a90 100644 --- a/templates/sast.yml +++ b/templates/sast.yml @@ -149,6 +149,9 @@ gitlab-advanced-sast: when: never - if: '"$[[ inputs.run_advanced_sast ]]" != "true"' when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" && + $GITLAB_FEATURES =~ /\bsast_advanced\b/ + exists: !reference [.gitlab-advanced-sast-exist-rules, exists] - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bsast_advanced\b/ exists: !reference [.gitlab-advanced-sast-exist-rules, exists] @@ -166,6 +169,7 @@ kubesec-sast: rules: - if: '"$[[ inputs.excluded_analyzers ]]" =~ /kubesec/' when: never + - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && "$[[ inputs.run_kubesec_sast ]]" == "true"' - if: '$CI_COMMIT_BRANCH && "$[[ inputs.run_kubesec_sast ]]" == "true"' mobsf-android-sast: @@ -233,7 +237,9 @@ semgrep-sast: "$[[ inputs.excluded_analyzers ]]" !~ /gitlab-advanced-sast/ && "$[[ inputs.run_advanced_sast ]]" == "true"' when: never - # Default case - run for all supported files + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + exists: !reference [.semgrep-exist-rules, exists] + # Default case - run for all supported files - if: $CI_COMMIT_BRANCH exists: !reference [.semgrep-exist-rules, exists] @@ -259,6 +265,7 @@ spotbugs-sast: exists: - '**/AndroidManifest.xml' when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" - if: $CI_COMMIT_BRANCH exists: - '**/*.groovy'
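Review bot: The new `merge_request_event` rule in gitlab-advanced-sast is followed directly by the existing `$CI_COMMIT_BRANCH` rule, so a push to a branch with an open merge request can match in both the branch pipeline and the merge request pipeline. The same commit is then scanned twice, unless the including project's `workflow:rules` already suppresses one of the two pipelines. The kubesec-sast, semgrep-sast and spotbugs-sast hunks add the same pair of rules. Between the two rules, add `- if: $CI_OPEN_MERGE_REQUESTS` with `when: never`, so the branch rule applies only when no merge request pipeline exists. The rules list starts above this hunk, so earlier entries are not visible here.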
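Review bot: The `# Default case - run for all supported files` comment now sits after the merge-request rule's `exists:` line, so it reads as describing only the `$CI_COMMIT_BRANCH` rule although both rules are the default case. It is removed and re-added in this hunk, apparently only re-indented. Move it back to list-item indentation above `- if: $CI_PIPELINE_SOURCE == "merge_request_event"`. Separately, the `when: never` rule that ends just above begins outside the hunk. If its `if:` is gated on `$CI_COMMIT_BRANCH`, it will not match in merge request pipelines and semgrep-sast would run there alongside gitlab-advanced-sast, which is worth confirming.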
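Review bot: The added `- if: $CI_PIPELINE_SOURCE == "merge_request_event"` rule in spotbugs-sast has no `exists:` clause, while the branch rule right after it is limited to `'**/*.groovy'` and further patterns. Rules are evaluated in order, so in a merge request pipeline this rule matches first and the job starts on every merge request, whether or not the repository contains files the analyzer supports. Give the new rule the same `exists:` list as the branch rule; the list continues past the end of the hunk, so it is not reproduced here. The other three jobs in this patch carry their `exists:` or input condition over to the merge-request rule, which suggests the omission is unintended.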