aquasecurity/trivy-action@master and dependency-check/dependency-check_action@main are not allowed to be used in cm-jones/thales. Actions in this workflow must be: within a repository owned by cm-jones or created by GitHub.