step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f, actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683, ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46, actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b, and github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 are not allowed to be used in toshiba/sw360. Actions in this workflow must be: within a repository owned by toshiba.