I am using the official template of SAST from the following url,
For my repo, the file structure is like this, the json files are in folder deploy,
I have included the above sast template in “include” section of .gitlab-ci.yml. However, when the pipeline is triggered, only eslint-sast has triggered. And there’s no vulunerabilities shown in the eslint report. I am wondering whether nodejs-scan will trigger. Anyone can help please?