SAST plugin with Bitbucket Cloud

I am using Gitlab SAST in my Golang repo which is mirrored from Bitbucket.

include:

  • template: Security/SAST.gitlab-ci.yml

Now I have configured app password as per: Using GitLab CI/CD with a Bitbucket Cloud repository | GitLab

And also the 4 CI/CD variables as point 5. Still when I run the pipeline, analyser tries to download the repo but fails with 403 error. Seems like it is not able to pick those variables coz if token was an issue it would give 401 instead of 403.

I have also tried to add private ssh key as per: .gitlab-ci.yml · master · GitLab-examples / ssh-private-key · GitLab and also public key to my bitbucket repo but to no success.

Need pointers to achieve this.