GitLab pipeline (.gitlab-ci.yml) for CI and scheduled SAST

We would like to have a .gitlab-ci.yml which supports the default CI pipeline and the SAST pipeline only scheduled once a day.

lint, build, test-unit (on merge request)
test-sast (scheduled once a day)

What seems logic but didn’t work is this configuration:

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Workflows/MergeRequest-Pipelines.gitlab-ci.yml

image: node:lts-alpine

stages:
  - lint
  - build
  - test

lint:
  stage: lint
  script:
    - npm i
    - npm run lint

build:
  stage: build
  script:
    - npm i
    - npm run build

test-unit:
  stage: test
  script:
    - npm i
    - npm run test:unit

test-sast:
  stage: test
  script: [ "true" ]
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
      when: always
    - when: never

Then did some tests using the environment variable SAST_DISABLED which didn’t work as well.

May be someone has a similiar setup and may help out with a working sample?