ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 is not allowed to be used in mozilla/rhino. Actions in this workflow must be: within a repository that belongs to your Enterprise account, created by GitHub, or matching the following: !/mozilla/**, !mozilla/**, ./**, 10up/wpcs-action@*, aws-actions/*, docker/*, pypa/gh-action-pypi-publish@v1.4.2, slackapi/slack-github-action@*, google-github-actions/*, erlef/setup-beam@v1, yesolutions/mirror-action@*, codecov/codecov-action@*, tj-actions/changed-files@*, tj-actions/glob@*, actions-rs/toolchain@v1, shivammathur/setup-php@*, EmbarkStudios/*, dependabot/fetch-metadata@*, ilammy/msvc-dev-cmd@v1*, canonical/actions/*, canonical/setup-lxd@*, dtolnay/rust-toolchain@*, pypa/gh-action-pypi-publish@release/v1*, vmactions/freebsd-vm@*, benchmark-action/github-action-benchmark@*, Swatinem/rust-cache@*, thollander/actions-comment-pull-request@*, guibranco/github-status-action-v2@v1.1.13.