SAST CI template changes for 18.0

Why are we doing this work

The CI templates that reference SAST analyzer images need to start using the latest major version from %18.0.

As described in #513428 (closed), these are:

  • gitlab-advanced-sast:2
  • kics:6
  • kubesec:6
  • pmd-apex:6
  • semgrep:6
  • sobelow:6

As discussed in our planning issue, we will only be updating the major version and will not copy the .latest template into stable.

Dependency

As described in "Preparing analyzers for a major version release", the "Static Analysis major analyzer version bump for..." issue (#513428 - closed) needs to be completed before we perform the following.

Tasks

Bump major version for SAST.gitlab-ci.yml

  • gitlab-advanced-sast:2
  • kubesec:6
  • pmd-apex:6
  • semgrep:6
  • sobelow:6

Bump major version for SAST.latest.gitlab-ci.yml

  • gitlab-advanced-sast:2
  • kubesec:6
  • pmd-apex:6
  • semgrep:6
  • sobelow:6

Bump major version for SAST-IaC.gitlab-ci.yml

  • kics:6

Bump major version for SAST-IaC.latest.gitlab-ci.yml

  • kics:6

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:
  • Deprecation window 1: MRs to be released to production during April 21 - 23, 2025.

Implementation plan

Verification steps

Edited by Shao Ming Tan