ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d is not allowed to be used in boost-community/scanner-registry. Actions in this workflow must be: within a repository that belongs to your Enterprise account, created by GitHub, or matching the following: anchore/sbom-action@*, aws-actions/*, boostsecurityio/*, chainguard-dev/actions/*, dorny/paths-filter@*, hashicorp/*, sigstore/cosign-installer@*, step-security/harden-runner@*.