diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 40422292..6e37f2e9 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -366,7 +366,9 @@ jobs:
       - name: Upload coverage results to Coveralls
         if: ${{ success() }}
         env:
-          COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_TOKEN }}
+          # Dependabot does not have access to secrets, other than the GH token.
+          # Ref: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
+          COVERALLS_REPO_TOKEN: ${{ github.actor != 'dependabot[bot]' || "secrets.COVERALLS_TOKEN" && "secrets.GITHUB_TOKEN" }}
           COVERALLS_PARALLEL: true
           COVERALLS_FLAG_NAME: php-${{ matrix.php }}-phpcs-${{ matrix.phpcs_version }}
         run: php-coveralls -v -x build/logs/clover.xml
@@ -381,5 +383,7 @@ jobs:
       - name: Coveralls Finished
         uses: coverallsapp/github-action@v2
         with:
-          github-token: ${{ secrets.COVERALLS_TOKEN }}
+          # Dependabot does not have access to secrets, other than the GH token.
+          # Ref: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
+          github-token: ${{ github.actor != 'dependabot[bot]' || "secrets.COVERALLS_TOKEN" && "secrets.GITHUB_TOKEN" }}
           parallel-finished: true