diff --git a/templates/sast.yml b/templates/sast.yml
index 64e7743..6c4d6c6 100644
--- a/templates/sast.yml
+++ b/templates/sast.yml
@@ -69,14 +69,6 @@ spec:
 .semgrep-with-advanced-sast-exist-rules:
 exists:
- - '**/*.c'
- - '**/*.cc'
- - '**/*.cpp'
- - '**/*.c++'
- - '**/*.cp'
- - '**/*.cxx'
- - '**/*.h'
- - '**/*.hpp'
 - '**/*.scala'
 - '**/*.sc'
 - '**/*.php'
@@ -96,14 +88,6 @@ spec:
 - '**/*.jsx'
 - '**/*.ts'
 - '**/*.tsx'
- - '**/*.c'
- - '**/*.cc'
- - '**/*.cpp'
- - '**/*.c++'
- - '**/*.cp'
- - '**/*.cxx'
- - '**/*.h'
- - '**/*.hpp'
 - '**/*.go'
 - '**/*.java'
 - '**/*.cs'
@@ -254,3 +238,21 @@ spotbugs-sast:
 - if: $CI_COMMIT_BRANCH
 exists:
 - '**/*.groovy'
+
+clangsa-sast:
+ extends: .sast-analyzer
+ image:
+ name: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/security-products/analyzers/clangsa:0"
+ rules:
+ - if: '"$[[ inputs.excluded_analyzers ]]" =~ /clangsa/'
+ when: never
+ - if: $CI_COMMIT_BRANCH
+ exists:
+ - "**/*.c"
+ - "**/*.cc"
+ - "**/*.cpp"
+ - "**/*.c++"
+ - "**/*.cp"
+ - "**/*.cxx"
+ - "**/*.h"
+ - "**/*.hpp"
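Review bot: The new clangsa-sast job's `rules:` list replaces rather than merges whatever `.sast-analyzer` defines (GitLab `extends` does not merge arrays), so any gate the sibling analyzer jobs carry ahead of their `excluded_analyzers` check — a `SAST_DISABLED`-style rule, if the template has one — must be repeated here; only the tail of spotbugs-sast's rules is visible in this hunk, so compare against its full rule list before merging. Because the first two hunks drop the C/C++ globs from the semgrep triggers, a project whose `excluded_analyzers` input matches `clangsa` now gets no SAST job at all for C/C++ sources, which deserves a comment on the job such as `# C/C++ coverage moved from semgrep to clangsa; excluding clangsa leaves C/C++ unscanned`. For consistency with the rest of the template the globs should use single quotes, e.g. `- '**/*.c'`, as the existing `- '**/*.groovy'` context line does. The `.sast-analyzer` base job and the `spec:` inputs this job relies on lie outside the hunk.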