Add stage input and remove "sast" job

README.md

@@ -1 +1,6 @@
-## SAST (Static Application Security Testing)
+## SAST (Static Application Security Testing)
+
+Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/
+
+Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
+List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables

template.yml

@@ -1,8 +1,9 @@
-# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/
-#
-# Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
-# List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-cicd-variables
-
+spec:
+  inputs:
+    stage:
+      default: test
+    
+---
 variables:
   # Setting this variable will affect all Security templates
   # (SAST, Dependency Scanning, ...)
@@ -13,26 +14,18 @@ variables:
   SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
   SCAN_KUBERNETES_MANIFESTS: "false"
 
-sast:
-  stage: test
-  artifacts:
-    reports:
-      sast: gl-sast-report.json
-  rules:
-    - when: never
-  variables:
-    SEARCH_MAX_DEPTH: 4
-  script:
-    - echo "$CI_JOB_NAME is used for configuration only, and its script should not be executed"
-    - exit 1
-
 .sast-analyzer:
-  extends: sast
+  stage: $[[ inputs.stage ]]
   allow_failure: true
   # `rules` must be overridden explicitly by each child job
   # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
+  variables:
+    SEARCH_MAX_DEPTH: 4
   script:
     - /analyzer run
+  artifacts:
+    reports:
+      sast: gl-sast-report.json
 
 bandit-sast:
   extends: .sast-analyzer