Use vendored CI/CD templates for security products jobs in GitLab.com CI/CD (dogfooding)
Problem to solve
After the arrival of #8660 (closed) and #8661 (closed), keeping separate definitions of security scan jobs in GitLab.com CI/CD config while we have templates for them will cause code duplication and additional maintenance costs.
Target audience
GitLab Engineering Team
Proposal
Include the vendored CI/CD templates for SAST and Dependency Scanning and customize them with environment variables after inclusion if needed.
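A sketch of what the proposal amounts to in a `.gitlab-ci.yml`, added here as an illustration and not taken from GitLab's own configuration. The `Security/` template paths and the `sast` job name are assumptions that depend on the GitLab version, and the variable values are constructed:

```yaml
# Added example: illustrative fragment, not GitLab.com's actual CI/CD config.
include:
  # Templates shipped (vendored) with GitLab itself, so the scan job
  # definitions live in one place instead of being copied into this file.
  # Assumption: the Security/ path, which may differ on older releases.
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml

variables:
  # Global variables are read by every job the included templates define.
  # Constructed values: skip directories that hold no production code.
  SAST_EXCLUDED_PATHS: "spec, test, tmp"
  DS_EXCLUDED_PATHS: "spec, test, tmp"

# Job-level customization after inclusion: redeclare a job from the template
# and set only the keys that differ. Keys not listed here keep the template's
# values, so template updates still reach this pipeline.
# Assumption: the template exposes a job named `sast`.
sast:
  variables:
    SECURE_LOG_LEVEL: "debug"
```

Only the deltas are kept locally; changes to scanner images, scripts and report artifacts arrive with the template itself.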
What does success look like, and how can we measure that?
GitLab.com uses the vendored CI/CD templates for SAST and Dependency Scanning in its .gitlab-ci.yml config.