diff --git a/options/env.go b/options/env.go
index 33354ccf..26879799 100644
--- a/options/env.go
+++ b/options/env.go
@@ -37,10 +37,11 @@ const (
 
 	// TODO(input): INPUT_ constants should be removed in a future release once
 	//              they have replacements in upstream scorecard.
-	EnvInputRepoToken      = "INPUT_REPO_TOKEN" //nolint:gosec
-	EnvInputResultsFile    = "INPUT_RESULTS_FILE"
-	EnvInputResultsFormat  = "INPUT_RESULTS_FORMAT"
-	EnvInputPublishResults = "INPUT_PUBLISH_RESULTS"
+	EnvInputRepoToken         = "INPUT_REPO_TOKEN"             //nolint:gosec
+	EnvInputInternalRepoToken = "INPUT_INTERNAL_DEFAULT_TOKEN" //nolint:gosec
+	EnvInputResultsFile       = "INPUT_RESULTS_FILE"
+	EnvInputResultsFormat     = "INPUT_RESULTS_FORMAT"
+	EnvInputPublishResults    = "INPUT_PUBLISH_RESULTS"
 )
 
 // Errors
diff --git a/options/options.go b/options/options.go
index 81a0e0de..2aca0d74 100644
--- a/options/options.go
+++ b/options/options.go
@@ -34,6 +34,7 @@ var (
 	errGithubEventPathEmpty       = errors.New("GitHub event path is empty")
 	errResultsPathEmpty           = errors.New("results path is empty")
 	errOnlyDefaultBranchSupported = errors.New("only default branch is supported")
+	errInternalDefaultTokenEmpty  = errors.New("internal default token is empty")
 
 	trueStr = "true"
 )
@@ -156,9 +157,12 @@ func (o *Options) Initialize() error {
 	// o.EnableLicense = "1"
 	// o.EnableDangerousWorkflow = "1"
 
-	_, tokenSet := os.LookupEnv(EnvGithubAuthToken)
-	if !tokenSet {
-		inputToken := os.Getenv(EnvInputRepoToken)
+	inputToken := os.Getenv(EnvInputRepoToken)
+	if inputToken == "" {
+		inputToken := os.Getenv(EnvInputInternalRepoToken)
+		if inputToken == "" {
+			return errInternalDefaultTokenEmpty
+		}
 		os.Setenv(EnvGithubAuthToken, inputToken)
 	}