Enable trivy and dependabot on 1.0 branch (#3046)

Signed-off-by: strailov <Stanislav.Trailov@bosch.io>

.github/workflows/codeql.yaml

@@ -2,9 +2,9 @@ name: "CodeQL Advanced"
 
 on:
   push:
-    branches: [ "master" ]
+    branches: [ "master", "1.0" ]
   pull_request:
-    branches: [ "master" ]
+    branches: [ "master", "1.0" ]
   schedule:
     - cron: '15 18 * * 3'
 

.github/workflows/vulnerability-scan.yaml

@@ -15,10 +15,14 @@ jobs:
   trivy-scan:
     # only on original eclipse-hawkbit/hawkbit repo or when manually triggered
     if: github.repository == 'eclipse-hawkbit/hawkbit' || github.event_name == 'workflow_dispatch'
+    strategy:
+      matrix:
+        branch: [master, "1.0"]
     uses: ./.github/workflows/reusable_workflow_trivy-scan.yaml
     permissions:
       contents: read
       security-events: write
+    # Enable Upload for both branches
     with:
-      ref: ${{ github.ref }}
-      upload: ${{ github.ref == 'refs/heads/master' }}
+      ref: ${{ matrix.branch }}
+      upload: true