Running semgrep for an iOS Project

As MobSF is no longer supported by GitLab, we are trying to move to semgrep.

Currently, all of our iOS builds are executed on an M2 Mac (ARM64) runner (shell).

I have included the Security/SAST.gitlab-ci.yml template, but it appears GitLab tries to execute the semgrep-sast job on the default runner (Using Shell (bash) executor...).

How can I tell the pipeline that the semgrep-sast job should run in a Docker container somewhere else?

Thanks a lot

Alex

Easy when you know how:

include:
  template: Security/SAST.gitlab-ci.yml
sast:
  tags:
    - $YOUR_DOCKER_RUNNER
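
A fuller layout of the same idea, as an added example that is not part of the original posts: it keeps the iOS build on the Mac shell runner and moves only the Semgrep job to a Docker-executor runner. The tag names `macos-arm64` and `docker-linux`, the `build-ios` job and its build command are hypothetical placeholders; substitute the tags registered on your own runners.

```yaml
include:
  - template: Security/SAST.gitlab-ci.yml

# Assumption: jobs are pinned to the Mac shell runner unless they say otherwise.
default:
  tags:
    - macos-arm64          # hypothetical tag of the M2 shell runner

# Hypothetical existing build job; it inherits default:tags and stays on the Mac.
build-ios:
  stage: build
  script:
    - xcodebuild -scheme MyApp build   # placeholder build command

# Override only the Semgrep job that the template defines.
# Job-level tags replace default:tags, so this job is picked up
# only by a runner that carries the tag below.
semgrep-sast:
  tags:
    - docker-linux         # hypothetical tag of a Docker-executor runner
```

Overriding `semgrep-sast` instead of `sast` limits the change to that one analyzer job; the chosen runner needs the Docker executor and must be able to pull the analyzer image.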