I have the following policy:
--- scan_execution_policy: - name: Test SAST Scanning description: Testing for usage of features. enabled: true rules: - type: pipeline branches: - merge_requests - type: pipeline branches: - main - type: pipeline branches: - master actions: - scan: sast tags: 
This wont work with the merge_request pipeline that we build the current tooling is built around with the following rules:
rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
If I change the rule to use * instead for the branches it will run but in a separate pipeline like this:
So question is do I need to change the rule to run in not merge request and use branches instead (or another way):
only: - branches
Or can I change the policy to trigger so the sast, dast and whatnot is running in the same pipeline instead of 2 separate pipelines?