actions/checkout@v4, ossf/[email protected], actions/upload-artifact@v4, and github/codeql-action/upload-sarif@v3 are not allowed to be used in toshiba/sw360. Actions in this workflow must be: within a repository owned by toshiba.