ScilifelabDataCentre / dds_web

A cloud-based system for the delivery of data from SciLifeLab Facilities to their users (e.g. research group).

DDS-2019 update Trivy action #1545

Closed aishling-scilifelab closed 1 month ago

aishling-scilifelab commented 1 month ago

1. Description / Summary

Update some aspects of the Trivy scan GitHub Actions, namely removing the invalid `branches` keyword and updating the versions of both `github/codeql-action/upload-sarif` (to v3 from v2) and `aquasecurity/trivy-action` (to 0.24.0 from 0.7.1).

2. Jira task / GitHub issue

Link to the github issue or add the Jira task ID here.

3. Type of change

What type of change(s) does the PR contain?

Check the relevant boxes below. For an explanation of the different sections, enter edit mode of this PR description template.

4. Additional information

5. Actions / Scans

Check the boxes when the specified checks have passed.

For information on what the different checks do and how to fix it if they're failing, enter edit mode of this description or go to the PR template.
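For readers who want to see what a workflow with the changes described in this PR looks like, here is an added example (it is not the dds_web project's own workflow file and is not taken from the PR diff). It uses the two action versions the description names; the workflow name, trigger set, scan target, severity filter and the `actions/checkout` step are assumptions for illustration.

```yaml
# Added example, not the dds_web project's workflow. Shows a Trivy scan job
# with the action versions named in the PR description. Workflow name,
# triggers, scan target and severity filter are assumptions.
name: Trivy scan

on:
  push:
    branches: [dev, master]     # `branches` is a valid filter under push/pull_request ...
  pull_request:
    branches: [dev, master]
  schedule:
    - cron: "0 3 * * 1"         # ... but it is NOT accepted under schedule or workflow_dispatch

permissions:
  contents: read
  security-events: write        # upload-sarif needs this to write Code Scanning results

jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Trivy filesystem scan
        uses: aquasecurity/trivy-action@0.24.0
        with:
          scan-type: fs
          scan-ref: .
          format: sarif
          output: trivy-results.sarif
          severity: CRITICAL,HIGH
          ignore-unfixed: true

      - name: Upload Trivy results to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        if: always()              # upload findings even if the scan step fails
        with:
          sarif_file: trivy-results.sarif
```

Two practitioner checks worth doing when bumping third-party actions like this: confirm the job still has the `security-events: write` permission (without it the SARIF upload is rejected), and consider pinning each `uses:` line to a full commit SHA with the version tag in a trailing comment, so that a moved or compromised tag cannot silently change the code that runs in CI.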

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests.

Project coverage is 92.46%. Comparing base (1f1ea06) to head (7a77029).

Additional details and impacted files:

```diff
@@           Coverage Diff           @@
##              dev    #1545   +/-   ##
=======================================
  Coverage   92.46%   92.46%
=======================================
  Files          29       29
  Lines        4830     4830
=======================================
  Hits         4466     4466
  Misses        364      364
```


rv0lt commented 1 month ago

Pretty straightforward. Just two small comments:

  1. Have we checked that this update in the action version does not break anything?
  2. Also, could you fill in a small description in the action?
aishling-scilifelab commented 1 month ago

> Pretty straightforward. Just two small comments:
>
>   1. Have we checked that this update in the action version does not break anything?
>   2. Also, could you fill in a small description in the action?

On 1) I have checked it, in that the Trivy scan still works here, but is there anything else you think I should look for? On 2), do you mean in the commit message, in the SPRINTLOG or somewhere else?

rv0lt commented 1 month ago

> On 1) I have checked it, in that the Trivy scan still works here, but is there anything else you think I should look for?

  1. Nothing special; when I update some dependency, I mainly look at the changelogs to see if there is some weird change.

  2. In the PR I mean, there is this automatic template with a Description / Summary section on top.

aishling-scilifelab commented 1 month ago

> On 1) I have checked it, in that the Trivy scan still works here, but is there anything else you think I should look for?
>
>   1. Nothing special; when I update some dependency, I mainly look at the changelogs to see if there is some weird change.
>   2. In the PR I mean, there is this automatic template with a Description / Summary section on top.

Updated the description.

Re: the changelogs for the action version updates, looked at the upload-sarif one (which was simple because we're just going from v2 to v3). On the trivy-action though, it's much harder to go through the changelog because we were so behind: 0.7.1 was from August 2022. Had a quick look but still mostly relying on just the Trivy scan on the PR running as normal.