aquasecurity/trivy-action@cff3e9a7f62c41dd51975266d0ae235709e39c41, actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce, actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c, actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a, and jasonetco/create-an-issue@e27dddc79c92bc6e4562f268fffa5ed752639abd are not allowed to be used in giantswarm/kyverno-upstream. Actions in this workflow must be: within a repository owned by giantswarm or matching the following: actions/checkout@v3, tibdex/github-app-token@v1.