actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c, ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86, actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce, and github/codeql-action/upload-sarif@39d8d7e78f59cf6b40ac3b9fbebef0c753d7c9e5 are not allowed to be used in giantswarm/kyverno-upstream. Actions in this workflow must be: within a repository owned by giantswarm or matching the following: actions/checkout@v3, tibdex/github-app-token@v1.