diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6bb3017e32c2fac0226a4bc0bb022c0f61d0f165..d90abdd26b78fce19a5c983399f8fa09d4c652c2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,11 +12,17 @@ variables:
     - docker:dind
   script:
     - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
-    - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" -t "$CI_REGISTRY_IMAGE:latest" --build-arg ALPINE_VERSION=$ALPINE_VERSION .
+    - |
+      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+        docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" -t "$CI_REGISTRY_IMAGE:latest" --build-arg ALPINE_VERSION=$ALPINE_VERSION .
+      else
+        docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" --build-arg ALPINE_VERSION=$ALPINE_VERSION .
+      fi
     - docker push "$CI_REGISTRY_IMAGE" --all-tags
 
 include:
   - template: Jobs/Container-Scanning.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml
 
 build:deploy:
   extends: .build_tpl
@@ -25,4 +31,8 @@ container_scanning:
   variables:
     CS_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
     CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false"
+    GIT_STRATEGY: "fetch"
   
+sast:
+  stage: test
+