Custom SAST integration not triggered

I am building a custom SAST integration into the GitLab CI pipeline. I am trying to build a SAST template that would function in the same way as the native SAST.gitlab-ci.yml, one that can be included in the .gitlab-ci.yml file and will “automagically” integrate this custom SAST analyzer and the report it produces. I have created the SAST template by copy-pasting sections from the native GitLab SAST here:

However, when I include this template in the .gitlab-ci.yml, the sast job is never executed, example: . The CI linter shows that the job is available, but only the noop stage is being executed in the runner. I already tried to remove all rules, tags, etc. that could filter out the job and prevent it from being run, as well as moving it inside the test stage instead of sast, but the result is the same; it’s as if the job from the included template is invisible to the runner.

Here is my SAST template that I am including:


  stage: sast
    - docker run --rm -v ${CI_PROJECT_DIR}:/src:ro rootlug/aura-security:${AURA_DOCKER_VERSION} scan /src -f gitlab-sast >${CI_PROJECT_DIR}/gl-aura-sast-report.json
  allow_failure: true
      sast: gl-aura-sast-report.json

And this is the .gitlab-ci.yml I am using for testing:

image: docker:19.03.12

  - docker:19.03.12-dind

  - docker info


  - sast
  - test

  stage: test
    - echo "This is a no-op stage just to trigger the `test` stage"

Note: for reference, this is the native GitLab SAST template:

Originally I had split the sast job into multiple jobs in the same way as the native SAST is doing, e.g. the sast job for the test stage with rules.when == “never” and then using job.extends that defined the aura SAST integration, but as mentioned, the job was never visible to or executed by the runner, so I removed that and defined it only as a single stage job, trying to figure out if those rules and extends were somehow preventing it from being run/filtered.