Hey, thank you for the response.
No, we disabled “Execute Analysis” for “Anonymous” members in order to avoid the issue of getting Summary Comments on PRs in the main repo (usually old ones) from PRs in forks (within the fork repo itself, as in the Dependabot example above).
However, with anonymous execution disabled, we can’t run scans on PRs from forks to the main repo, because the secret isn’t shared between the different orgs.
I saw the workaround Cody Ebberson shared in his post, but haven’t tried it yet. Still, that only solves half of the problem for us.