workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == "web"
      when: always
    - if: $CI_PIPELINE_SOURCE == "merge request event"
    - if: $CI_COMMIT_BRANCH


stages:
  - security
  - lint

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml

sast:
  stage: security

dast:
  stage: security

markdown_lint:
  stage: lint
  image: ghcr.io/igorshubovych/markdownlint-cli:latest
  allow_failure: true
  rules:
    - changes:
        - "**/*.md"
  script:
    - markdownlint "**/*.md"