CCM-15866: Address Even More Sonar Findings (#107)

Author: jamesthompson26-nhs

.github/workflows/scorecard.yml

@@ -14,8 +14,9 @@ on:
   push:
     branches: [ "main" ]
 
-# Declare default permissions as read only.
-permissions: read-all
+# Declare default permissions explicitly as read-only.
+permissions:
+  contents: read
 
 jobs:
   analysis:

.github/workflows/stage-2-test.yaml

@@ -37,8 +37,7 @@ env:
   TERM: xterm-256color
 
 permissions:
-  id-token: write # This is required for requesting the JWT
-  contents: read  # This is required for actions/checkout
+  contents: read # This is required for actions/checkout
 
 jobs:
   check-generated-dependencies:

scripts/config/sonar-scanner.properties

@@ -4,7 +4,7 @@ sonar.host.url=https://sonarcloud.io
 sonar.qualitygate.wait=true
 sonar.sourceEncoding=UTF-8
 sonar.sources=.
-sonar.exclusions=lambdas/*/src/__tests__/**/*,containers/**/src/__tests__,infrastructure/terraform/bin/terraform.sh
+sonar.exclusions=lambdas/*/src/__tests__/**/*,containers/**/src/__tests__/**/*,infrastructure/terraform/bin/terraform.sh
 sonar.terraform.provider.aws.version=5.54.1
 sonar.cpd.exclusions=**.test.*
 sonar.coverage.exclusions=tests/, **/*.dev.*, lambdas/**/src/__tests__, utils/utils/src/zod-validators.ts ,**/jest.config.ts,scripts/**/*, containers/**/src/__tests__, eslint.config.mjs, docs/assets/js/nhs-notify.js, containers/example-app/src/server.ts