https://transitory.social/notes/9pe04t8ma9
https://docs.gitlab.com/ee/user/application_security/sast/#configure-sast-in-your-cicd-yaml
https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
There is also an option for dynamic analysis
https://docs.gitlab.com/16.8/ee/user/application_security/dast/index.html
that's going to be weird… let's do the static first
mentioned in merge request !414
assigned to @dakkar
added in progress label