BST-18082 Add tests for trivy-fs and trivy-sbom scanners

Migrated test targets from boost-sandbox/module-tests-trivy to the new
test harness. Converted SSH URLs to HTTPS format.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: lindycoder

scanners/boostsecurityio/trivy-fs/tests.yaml

@@ -3,10 +3,20 @@ tests:
   - name: "gitleaks"
     type: "source-code"
     source:
-      url: "git@github.com:gitleaks/gitleaks.git"
+      url: "https://github.com/gitleaks/gitleaks.git"
       ref: "v8.15.2"
   - name: "osv-scanner"
     type: "source-code"
     source:
-      url: "git@github.com:google/osv-scanner.git"
+      url: "https://github.com/google/osv-scanner.git"
       ref: "main"
+  - name: "rclone"
+    type: "source-code"
+    source:
+      url: "https://github.com/rclone/rclone.git"
+      ref: "v1.65.2"
+  - name: "kubeaudit"
+    type: "source-code"
+    source:
+      url: "https://github.com/Shopify/kubeaudit.git"
+      ref: "v0.18.0"

scanners/boostsecurityio/trivy-sbom-image/tests.yaml

@@ -0,0 +1,10 @@
+version: "1.0"
+tests:
+  - name: "Image scanning"
+    type: "container-image"
+    source:
+      url: "https://github.com/martin-boost-dev/boost-poc-registry-testing-trivy"
+      ref: "main"
+    scan_paths:
+      - "rclone"
+      - "osv-scanner"

scanners/boostsecurityio/trivy-sbom/tests.yaml

@@ -0,0 +1,22 @@
+version: "1.0"
+tests:
+  - name: "gitleaks"
+    type: "source-code"
+    source:
+      url: "https://github.com/gitleaks/gitleaks.git"
+      ref: "v8.15.2"
+  - name: "osv-scanner"
+    type: "source-code"
+    source:
+      url: "https://github.com/google/osv-scanner.git"
+      ref: "main"
+  - name: "rclone"
+    type: "source-code"
+    source:
+      url: "https://github.com/rclone/rclone.git"
+      ref: "v1.65.2"
+  - name: "kubeaudit"
+    type: "source-code"
+    source:
+      url: "https://github.com/Shopify/kubeaudit.git"
+      ref: "v0.18.0"