diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 051219f8a1e6948cc02302721afdbe835f7a6543..6443faebe5fa86edb738464f96b2fb7e3e5a0d5d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,80 +1,68 @@
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#priority-of-environment-variables
 stages:
- - build
- - deploy
- - failed_stage
-
-image: alpine:latest # Use the latest version of Alpine Linux docker image
-
+- build
+- deploy
+- failed_stage
+image: alpine:latest
 build_job:
 stage: build
-
 before_script:
- - 'which ssh-agent || (apk update && apk add curl openssh-client git grep)'
- - eval $(ssh-agent -s)
- - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
- - mkdir -p ~/.ssh
- - chmod 700 ~/.ssh
- - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- - chmod 644 ~/.ssh/known_hosts
-
+ - which ssh-agent || (apk update && apk add curl openssh-client git grep)
+ - eval $(ssh-agent -s)
+ - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
+ - mkdir -p ~/.ssh
+ - chmod 700 ~/.ssh
+ - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
+ - chmod 644 ~/.ssh/known_hosts
 script:
- - sh script.sh
-
- - git checkout master
- - git config --global user.name "curben-bot"
- - git config --global user.email "3048979-curben-bot@users.noreply.gitlab.com"
-
- # Commit the changes
- - sh utils/commit.sh
-
- # Generate successful status badge
- - mkdir -p .gitlab/
- - sh utils/badge.sh "success"
- - git add .gitlab/status.svg
- # Only commit when diff exists https://stackoverflow.com/a/8123841
- - git diff-index --quiet HEAD || git commit -m "Success pipeline"
-
- - ssh -T git@gitlab.com
- - git remote set-url origin git@gitlab.com:curben/urlhaus-filter.git
- - git push origin master
-
+ - sh script.sh
+ - git checkout master
+ - git config --global user.name "curben-bot"
+ - git config --global user.email "3048979-curben-bot@users.noreply.gitlab.com"
+ - sh utils/commit.sh
+ - mkdir -p .gitlab/
+ - sh utils/badge.sh "success"
+ - git add .gitlab/status.svg
+ - git diff-index --quiet HEAD || git commit -m "Success pipeline"
+ - ssh -T git@gitlab.com
+ - git remote set-url origin git@gitlab.com:curben/urlhaus-filter.git
+ - git push origin master
 rules:
- # Only trigger through schedule job and "Run pipeline" in master branch
- - if: '$CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_SOURCE == "web")'
- when: always
-
- # Upload working folder as a job artifact
+ - if: $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_SOURCE
+ == "web")
+ when: always
 artifacts:
 paths:
- - tmp/
+ - tmp/
 expire_in: 30 days
-
 failed_job:
 stage: failed_stage
-
 before_script:
- - 'which ssh-agent || (apk update && apk add curl openssh-client git grep)'
- - eval $(ssh-agent -s)
- - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
- - mkdir -p ~/.ssh
- - chmod 700 ~/.ssh
- - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- - chmod 644 ~/.ssh/known_hosts
-
+ - which ssh-agent || (apk update && apk add curl openssh-client git grep)
+ - eval $(ssh-agent -s)
+ - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
+ - mkdir -p ~/.ssh
+ - chmod 700 ~/.ssh
+ - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
+ - chmod 644 ~/.ssh/known_hosts
 script:
- - git checkout master
- - git config --global user.name "curben-bot"
- - git config --global user.email "3048979-curben-bot@users.noreply.gitlab.com"
-
- - mkdir -p .gitlab/
- - sh utils/badge.sh "failed"
- - git add .gitlab/status.svg
- - git diff-index --quiet HEAD || git commit -m "Failed pipeline"
- - ssh -T git@gitlab.com
- - git remote set-url origin git@gitlab.com:curben/urlhaus-filter.git
- - git push origin master
-
+ - git checkout master
+ - git config --global user.name "curben-bot"
+ - git config --global user.email "3048979-curben-bot@users.noreply.gitlab.com"
+ - mkdir -p .gitlab/
+ - sh utils/badge.sh "failed"
+ - git add .gitlab/status.svg
+ - git diff-index --quiet HEAD || git commit -m "Failed pipeline"
+ - ssh -T git@gitlab.com
+ - git remote set-url origin git@gitlab.com:curben/urlhaus-filter.git
+ - git push origin master
 rules:
- - if: '$CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_SOURCE == "web")'
- # Run this job only when preceding jobs failed
- when: on_failure
+ - if: $CI_COMMIT_REF_NAME == "master" && ($CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_SOURCE
+ == "web")
+ when: on_failure
+include:
+- template: Security/Secret-Detection.gitlab-ci.yml
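Review bot: The `include:` of `Security/Secret-Detection.gitlab-ci.yml` at the end of the hunk adds a job that, as far as I know, the template places in the `test` stage, but the `stages:` list on the new side still declares only `build`, `deploy` and `failed_stage`. GitLab rejects a job whose stage is not declared, so the pipeline would likely fail validation until `- test` is added under `stages:` or the job is overridden with `secret_detection:` and `stage: build`. Separately, both rewritten `rules:` entries drop the quotes and fold the `if:` expression over two lines; keeping it as one single-quoted scalar, as the old side had it, avoids relying on plain-scalar folding. The removed comments that explained when each job runs are worth restoring, since both jobs load `$SSH_PRIVATE_KEY` and push to `master`.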