diff --git a/templates/sast.yml b/templates/sast.yml
index 6dad115..a169ccb 100644
--- a/templates/sast.yml
+++ b/templates/sast.yml
@@ -5,7 +5,7 @@ spec:
     image_prefix:
       default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
     image_tag:
-      default: '5'
+      default: '6'
     image_suffix:
       default: ""
     excluded_analyzers:
@@ -53,8 +53,15 @@ gitlab-advanced-sast:
   image:
     name: "$[[ inputs.image_prefix ]]/gitlab-advanced-sast:${SAST_ANALYZER_IMAGE_TAG}$[[ inputs.image_suffix ]]"
   variables:
-    SAST_ANALYZER_IMAGE_TAG: 1
+    FF_GLAS_ENABLE_PHP_SUPPORT: 'true'
+    SAST_ANALYZER_IMAGE_TAG: 2
     SEARCH_MAX_DEPTH: 20
+  cache:
+    key: "scan-metrics-$CI_COMMIT_REF_SLUG"
+    fallback_keys:
+      - "scan-metrics-$CI_DEFAULT_BRANCH"
+    paths:
+      - "scan_metrics.csv"
   rules:
     - if: '"$[[ inputs.excluded_analyzers ]]" =~ /gitlab-advanced-sast/'
       when: never
@@ -75,6 +82,7 @@ gitlab-advanced-sast:
         - '**/*.mjs'
         - '**/*.cs'
         - '**/*.rb'
+        - '**/*.php'
 
 brakeman-sast:
   extends: .deprecated-16.8
@@ -138,7 +146,7 @@ semgrep-sast:
           "$[[ inputs.excluded_analyzers ]]" !~ /gitlab-advanced-sast/ &&
           "$[[ inputs.run_advanced_sast ]]" == "true"'
       variables:
-        SAST_EXCLUDED_PATHS: "$DEFAULT_SAST_EXCLUDED_PATHS, **/*.py, **/*.go, **/*.java, **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.cjs, **/*.mjs, **/*.cs, **/*.rb"
+        SAST_EXCLUDED_PATHS: "$DEFAULT_SAST_EXCLUDED_PATHS, **/*.py, **/*.go, **/*.java, **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.cjs, **/*.mjs, **/*.cs, **/*.rb, **/*.php"
       exists:
         - '**/*.c'
         - '**/*.cc'
@@ -197,7 +205,7 @@ semgrep-sast:
         - '**/bootstrap*.yml'
         - '**/application*.yaml'
         - '**/bootstrap*.yaml'
-
+
 sobelow-sast:
   extends: .sast-analyzer
   image:
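Review bot: `SAST_ANALYZER_IMAGE_TAG: 2` is left as a bare integer while the neighbouring values touched by this commit (`default: '6'`, `FF_GLAS_ENABLE_PHP_SUPPORT: 'true'`) are quoted; since the value is interpolated into the image name, quoting it (`SAST_ANALYZER_IMAGE_TAG: '2'`) keeps the tag a string under any YAML loader and matches the file's style. The new `cache:` block carries no comment saying what `scan_metrics.csv` holds or that the analyzer must tolerate a miss (GitLab CI caches are best-effort), so a line such as `# Best-effort cache of the analyzer's per-branch scan metrics; a miss must not fail the job` would help the next maintainer. Note also that with GitLab's default "separate caches for protected branches" setting, a pipeline on an unprotected branch cannot read a cache written on a protected default branch, so the `fallback_keys` entry may seldom hit for merge-request pipelines; if that is accepted, it is worth stating in a comment as well. The gitlab-advanced-sast job continues outside this hunk.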
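Review bot: The extension list in `SAST_EXCLUDED_PATHS` now duplicates the `exists:` list of the gitlab-advanced-sast job (this commit adds `**/*.php` in both places), and nothing at this line records that the two must stay in sync; a comment above the variable, `# Keep in sync with the exists: list of gitlab-advanced-sast above`, would make the coupling explicit. The value is also a single very long line, so a folded scalar with a few extensions per line would keep the runtime string byte-identical while making the next language a one-line diff. The enclosing `rules:` entry of semgrep-sast begins before this hunk.
```yaml
      variables:
        # Keep in sync with the exists: list of gitlab-advanced-sast above.
        SAST_EXCLUDED_PATHS: >-
          $DEFAULT_SAST_EXCLUDED_PATHS,
          **/*.py, **/*.go, **/*.java,
          **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.cjs, **/*.mjs,
          **/*.cs, **/*.rb, **/*.php
      # … unchanged: exists: list …
```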