SAST Scans - Apply to All Repositories at once

Hello Team,

I would like to understand the different options, if any, that GitLab provides to integrate a job into all repositories at once.

Problem Statement:
If we need to integrate a scanner like Semgrep into all repos at once without failing a build, is there an option to do so?

For example, if we need to integrate a particular component like a Semgrep scan in the test stage or review stage for all repositories, is it possible to do it from just one place or in a centralised fashion? From what I looked at in the wiki, there are only these options:

  1. Creating templates and including them in each individual project's ci.yml.
  2. Making changes to the parent POM. However, it has more advantages when you have a Maven plugin for anything you want to add and attach it to a profile. For example, Semgrep itself is a Python project and there is no direct way to create a Maven plugin for it (I am aware of the hacks available).
  3. Auto DevOps: you can set it at a group level, but the purpose of Auto DevOps is different.
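
Option 1 from the list above, as an added example that is not part of the original post: a shared template that defines a non-blocking Semgrep job in the test stage, followed by the `include` entry each project adds. The project path `security/ci-templates`, the file name `semgrep.yml`, the `main` ref and the job name `semgrep-scan` are hypothetical.

```yaml
# --- File: semgrep.yml, kept in the hypothetical shared project security/ci-templates ---
semgrep-scan:                    # hypothetical job name
  stage: test
  image: semgrep/semgrep         # Semgrep container image from Docker Hub
  allow_failure: true            # a non-zero exit marks the job as a warning, the pipeline still passes
  script:
    # --error makes Semgrep exit non-zero when it reports findings, so the
    # warning state above reflects real results instead of always being green.
    - semgrep scan --config auto --error --json --output semgrep-report.json .
  artifacts:
    when: always                 # keep the report even when the job exits non-zero
    paths:
      - semgrep-report.json
    expire_in: 1 week
---
# --- Added to each project's .gitlab-ci.yml ---
include:
  - project: security/ci-templates   # hypothetical path of the shared template project
    ref: main                        # pin to a branch, tag or commit SHA you control
    file: /semgrep.yml
```

Pinning `ref` to a protected branch or tag keeps a change to the shared template from silently altering every consuming pipeline.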