ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d is not allowed to be used in boostsecurityio/dev-registry. Actions in this workflow must be: within a repository that belongs to your Enterprise account, created by GitHub, or matching the following: boostsecurityio/*, anchore/sbom-action@*, aws-actions/*, dorny/paths-filter@*, hashicorp/*, sigstore/cosign-installer@*, chainguard-dev/actions/*, step-security/harden-runner@*.