fixup: review feedback for new scans

.github/workflows/security-scan.yml

@@ -75,8 +75,6 @@ jobs:
         uses: ./security-scanner
         with:
           repository: "$PWD"
-          cache-build: true
-          cache-go-modules: false
           # See scan.hcl at repository root for config.
 
       - name: SARIF Output

scan.hcl

@@ -16,9 +16,8 @@
 
 repository {
   go_modules   = true
+  npm          = true
   osv          = true
-  oss_index    = true
-  nvd          = true
 
   secrets {
     all = true