Update file sast.yml

templates/sast.yml

@@ -149,6 +149,9 @@ gitlab-advanced-sast:
       when: never
     - if: '"$[[ inputs.run_advanced_sast ]]" != "true"'
       when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
+          $GITLAB_FEATURES =~ /\bsast_advanced\b/
+      exists: !reference [.gitlab-advanced-sast-exist-rules, exists]
     - if: $CI_COMMIT_BRANCH &&
           $GITLAB_FEATURES =~ /\bsast_advanced\b/
       exists: !reference [.gitlab-advanced-sast-exist-rules, exists]
@@ -166,6 +169,7 @@ kubesec-sast:
   rules:
     - if: '"$[[ inputs.excluded_analyzers ]]" =~ /kubesec/'
       when: never
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && "$[[ inputs.run_kubesec_sast ]]" == "true"'
     - if: '$CI_COMMIT_BRANCH && "$[[ inputs.run_kubesec_sast ]]" == "true"'
 
 mobsf-android-sast:
@@ -233,6 +237,8 @@ semgrep-sast:
           "$[[ inputs.excluded_analyzers ]]" !~ /gitlab-advanced-sast/ &&
           "$[[ inputs.run_advanced_sast ]]" == "true"'
       when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+      exists: !reference [.semgrep-exist-rules, exists]
       # Default case - run for all supported files
     - if: $CI_COMMIT_BRANCH
       exists: !reference [.semgrep-exist-rules, exists]
@@ -259,6 +265,7 @@ spotbugs-sast:
       exists:
         - '**/AndroidManifest.xml'
       when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
     - if: $CI_COMMIT_BRANCH
       exists:
         - '**/*.groovy'