Hello Isabelle,

This is due to https://infra.apache.org/blog/trivy_security_incident.html - the fix is to refer to this action by its commit hash instead of '@v5' and propose this version for the allowlist at https://github.com/apache/infrastructure-actions/blob/main/actions.yml#L394 .

Kind regards,

Arnout

On Tue, Apr 7, 2026 at 5:01 PM Isabelle Giguere <[email protected]> wrote:

> Hi devs;
>
> GitHub action "Dependency Submission" has been failing since March 20th.
>
> https://github.com/apache/solr/actions/workflows/dependency-graph-submission.yml
>
> Error message:
> "The action gradle/actions/dependency-submission@v5 is not allowed in apache/solr because all actions must be from a repository owned by your enterprise..."
>
> Any thoughts?
>
> Isabelle Giguère

--
Arnout Engelen
ASF Security Response
Apache Pekko PMC member, ASF Member
NixOS Committer
Independent Open Source consultant
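
As an added example that is not part of the original thread: a small Python check that lists every `uses:` reference in a workflow file that is not pinned to a full 40-character commit hash, which is the form the fix above calls for. The sample workflow, the local action path and the hash in it are constructed placeholders, and the check does not consult the allowlist in `actions.yml`.

```python
import re

# Matches a step's `uses:` value, e.g. "uses: owner/repo/path@ref  # comment"
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify(ref):
    """Return 'local', 'docker', 'pinned' or 'mutable' for one `uses:` value."""
    if ref.startswith("./"):
        return "local"        # action in the same repository, no remote ref
    if ref.startswith("docker://"):
        return "docker"       # container image, pinned by digest, not by git SHA
    _, _, version = ref.partition("@")
    # Tags, branches, short hashes and a missing ref can all be moved or resolved later.
    return "pinned" if FULL_SHA_RE.match(version) else "mutable"


def find_mutable_refs(workflow_text):
    """List (line_number, ref) for every remote action not pinned to a full SHA."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match and classify(match.group(1)) == "mutable":
            findings.append((number, match.group(1)))
    return findings


# Constructed sample workflow; the 40-character hash is a placeholder, not a real commit.
SAMPLE = """\
jobs:
  dependency-submission:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/setup
      - name: Submit dependency graph
        uses: gradle/actions/dependency-submission@v5
      - uses: gradle/actions/dependency-submission@0123456789abcdef0123456789abcdef01234567  # v5
"""

if __name__ == "__main__":
    for number, ref in find_mutable_refs(SAMPLE):
        print(f"line {number}: {ref} is referenced by a mutable tag or branch")
```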
