diff --git a/README.md b/README.md
index b5e45869d772e0dc55768f7d82705e27dd174616..8126eaecae6b461263b7f9cd9333ff4f5e48ac97 100644
--- a/README.md
+++ b/README.md
@@ -5,4 +5,3 @@ Shared `.gitlab-ci.yml` components for WordPress.
 ## Features
 
 * `plugins`: PHPUnit, PHPCS, and deploys to WordPress.org.
-* `pantheon`: deploy a site to Pantheon via their git integration.
diff --git a/pantheon/default.yml b/pantheon/default.yml
deleted file mode 100644
index 0ee315f16389a2884f259a778c4ba2b46263f3dd..0000000000000000000000000000000000000000
--- a/pantheon/default.yml
+++ /dev/null
@@ -1,77 +0,0 @@
-stages:
-  - test
-  - build
-
-variables:
-  GIT_SUBMODULE_STRATEGY: recursive
-
-test-deps:
-  stage: test
-  image: containers.ethitter.com:443/docker/images/php:7.3
-  before_script:
-    - git config --global user.email "$GIT_USER_EMAIL"
-    - git config --global user.name "$GIT_USER_NAME"
-    # TODO: add build steps here once things are converted to submodules.
-    # TODO: add Terminus to handle pushes and cache clearing.
-  script:
-    - cd ${CI_PROJECT_DIR}
-    - ls -la
-    - rm -rf ${CI_PROJECT_DIR}/.git/
-    - rm -rf ${CI_PROJECT_DIR}/.gitignore
-    - rm -rf ${CI_PROJECT_DIR}/.gitmodules
-    - rm -rf ${CI_PROJECT_DIR}/.gitlab-ci.yml
-    - rm -rf ${CI_PROJECT_DIR}/README.md
-    - rm -rf ${CI_PROJECT_DIR}/readme.txt
-    - ls -la
-
-    - git init
-    - git status -s
-    - git add -A
-    - git status -s
-    - git commit -m "Build from $CI_COMMIT_SHORT_SHA"
-    - git diff --exit-code
-    - git status -s
-    - git log -n 1
-
-git-push:
-  stage: build
-  image: containers.ethitter.com:443/docker/images/php:7.3
-  only:
-    - main
-  allow_failure: false
-  before_script:
-    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
-    - eval $(ssh-agent -s)
-    - ssh-add <(echo "$GIT_SSH_PRIV_KEY")
-
-    - git config --global user.email "$GIT_USER_EMAIL"
-    - git config --global user.name "$GIT_USER_NAME"
-
-    - mkdir -p ~/.ssh
-    - echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
-    - ssh-keygen -R "$PANTHEON_GIT_HOST"
-    - ssh-keyscan -t rsa -p "$PANTHEON_GIT_HOST_PORT" "$PANTHEON_GIT_HOST" >> ~/.ssh/known_hosts
-    # TODO: add build steps here once things are converted to submodules.
-    # TODO: add Terminus to handle pushes and cache clearing.
-  script:
-    - cd ${CI_PROJECT_DIR}
-    - ls -la
-    - rm -rf ${CI_PROJECT_DIR}/.git/
-    - rm -rf ${CI_PROJECT_DIR}/.gitignore
-    - rm -rf ${CI_PROJECT_DIR}/.gitmodules
-    - rm -rf ${CI_PROJECT_DIR}/.gitlab-ci.yml
-    - rm -rf ${CI_PROJECT_DIR}/README.md
-    - rm -rf ${CI_PROJECT_DIR}/readme.txt
-    - ls -la
-
-    - git init
-    - git checkout -b "$PANTHEON_GIT_BRANCH"
-    - git remote add pantheon "$PANTHEON_GIT_REMOTE"
-    - git status -s
-    - git add -A
-    - git status -s
-    - git commit -m "Build from $CI_COMMIT_SHORT_SHA"
-    - git diff --exit-code
-    - git status -s
-    - git log -n 1
-    - git push --force pantheon "$PANTHEON_GIT_BRANCH"
diff --git a/plugins/default.yml b/plugins/default.yml
index fb0a242155d1b95e47efc005bc1099176539ee8a..156447f65f941652ec3c73283c996a4d4e5f95c2 100644
--- a/plugins/default.yml
+++ b/plugins/default.yml
@@ -3,3 +3,4 @@ include:
   - remote: https://git-cdn.e15r.co/gitlab/ci/wordpress/-/raw/main/plugins/templates/cache.yml
   - remote: https://git-cdn.e15r.co/gitlab/ci/wordpress/-/raw/main/plugins/templates/before-script.yml
   - remote: https://git-cdn.e15r.co/gitlab/ci/wordpress/-/raw/main/plugins/templates/matrix.yml
+  - template: Security/SAST.gitlab-ci.yml