Update details on secure templates with MR pipelines

doc/ci/merge_request_pipelines/index.md

@@ -128,12 +128,6 @@ This helps you avoid having to add the `only:` rule to all of your jobs to make
 them always run. You can use this format to set up a Review App, helping to
 save resources.
 
-### Using SAST, DAST, and other Secure Templates with Pipelines for Merge Requests 
-
-To use [Secure templates](https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates/Security)
-with pipelines for merge requests, you may need to apply a `rules: if: merge_request_event` for the
-Secure scans to run in the same pipeline as the commit.
-
 #### Excluding certain branches
 
 Pipelines for merge requests require special treatment when

doc/user/application_security/index.md

@@ -21,7 +21,7 @@ For an overview of application security with GitLab, see
 ## Quick start
 
 Get started quickly with Dependency Scanning, License Scanning, Static Application Security
-Testing (SAST), and Secret Detection by adding the following to your `.gitlab-ci.yml`:
+Testing (SAST), and Secret Detection by adding the following to your [`.gitlab-ci.yml`](../../ci/yaml/README.md):
 
 ```yaml
 include:
@@ -76,6 +76,20 @@ GitLab uses the following tools to scan and report known vulnerabilities found i
 | [Static Application Security Testing (SAST)](sast/index.md)                  | Analyze source code for known vulnerabilities.                         |
 | [Coverage fuzzing](coverage_fuzzing/index.md) **(ULTIMATE)**                 | Find unknown bugs and vulnerabilities with coverage-guided fuzzing.    |
 
+### Use security scanning tools with Pipelines for Merge Requests
+
+The security scanning tools can all be added to pipelines with [templates](https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates/Security).
+See each tool for details on how to use include each template in your CI/CD configuration.
+
+By default, the application security jobs are configured to run for branch pipelines only.
+To use them with [pipelines for merge requests](../../ci/merge_request_pipelines/index.md),
+you may need to override the default `rules:` configuration to add:
+
+```yaml
+rules:
+  - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+```
+
 ## Security Scanning with Auto DevOps
 
 When [Auto DevOps](../../topics/autodevops/) is enabled, all GitLab Security scanning tools will be configured using default settings.
@@ -144,8 +158,8 @@ To view details of DAST vulnerabilities:
 
 1. Click on the vulnerability's description. The following details are provided:
 
-   | Field            | Description                                                                                                                                                                   |
-|:-----------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Field            | Description                                                        |
+|:-----------------|:------------------------------------------------------------------ |
 | Description      | Description of the vulnerability.                                  |
 | Project          | Namespace and project in which the vulnerability was detected.     |
 | Method           | HTTP method used to detect the vulnerability.                      |