Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/action_syntax.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/action_syntax.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/action_syntax.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/action_syntax.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/apidiff.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/apidiff.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/apidiff.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/apidiff.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/apidiff.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/apidiff.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/apidiff.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/apidiff.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/apidiff.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/apidiff.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/apidiff.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/apidiff.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/apidiff.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/apidiff.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/apidiff.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/apidiff.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/apidiff.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/apidiff.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conformance.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/conformance.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conformance.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/conformance.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conformance.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/conformance.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/new_client.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/new_client.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/new_client.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/new_client.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/new_client.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/new_client.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/new_client.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/new_client.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/owlbot_validation.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/owlbot_validation.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/owlbot_validation.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/owlbot_validation.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/third_party_check.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/third_party_check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/third_party_check.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/third_party_check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/third_party_check.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/third_party_check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vet.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/vet.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vet.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-go/vet.yml/main?enable=pin
Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:2
Warn: containerImage not pinned by hash: internal/gapicgen/cmd/genbot/Dockerfile:1
Warn: containerImage not pinned by hash: internal/gapicgen/cmd/genbot/Dockerfile:4: pin your Docker image by updating docker:25.0 to docker:25.0@sha256:b41d0183012e2334aacd4e0b8e339b89246c4fdb7eada6cc86b0355f41328549
Warn: containerImage not pinned by hash: internal/postprocessor/Dockerfile:15
Warn: containerImage not pinned by hash: profiler/busybench/Dockerfile:1: pin your Docker image by updating golang:alpine to golang:alpine@sha256:04ec5618ca64098b8325e064aa1de2d3efbbd022a3ac5554d49d5ece99d41ad5
Warn: goCommand not pinned by hash: internal/gapicgen/cmd/genbot/Dockerfile:30-34
Warn: goCommand not pinned by hash: internal/gapicgen/cmd/genbot/Dockerfile:30-34
Warn: goCommand not pinned by hash: internal/gapicgen/cmd/genbot/Dockerfile:30-34
Warn: goCommand not pinned by hash: internal/postprocessor/Dockerfile:25-29
Warn: goCommand not pinned by hash: internal/postprocessor/Dockerfile:25-29
Warn: goCommand not pinned by hash: internal/postprocessor/Dockerfile:25-29
Warn: goCommand not pinned by hash: internal/postprocessor/Dockerfile:25-29
Warn: goCommand not pinned by hash: bigtable/conformance_test.sh:54
Warn: pipCommand not pinned by hash: internal/kokoro/environment.sh:97
Warn: goCommand not pinned by hash: .github/workflows/apidiff.yml:59
Warn: goCommand not pinned by hash: .github/workflows/conformance.yaml:55
Warn: goCommand not pinned by hash: .github/workflows/vet.yml:25
Info: 0 out of 23 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 2 third-party GitHubAction dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned
Info: 7 out of 18 goCommand dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned