Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: .github/win/innosetup/Dockerfile:9
Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: .github/win/innosetup/Dockerfile:10
Info: Possibly incomplete results: error parsing shell code: not a valid arithmetic operator: \setup\thumbprint: .github/win/innosetup/Dockerfile:11-13
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-cves.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/check-cves.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-cves.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/check-cves.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-cves.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/check-cves.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/golangci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/golangci-lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/golangci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/golangci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/golangci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:399: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:409: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:420: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:431: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:451: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:468: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:608: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:771: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:774: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:860: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:867: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:919: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:937: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:961: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:971: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:1001: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:1007: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:1016: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:1047: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:277: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:378: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:628: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:632: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:694: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:739: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-sign-upload.yml:897: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-build-sign-upload.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-bump-gpg.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-bump-gpg.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-update-repos.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-update-repos.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-update-repos.yml:393: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-update-repos.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-update-repos.yml:422: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-update-repos.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-update-repos.yml:479: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-update-repos.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-update-repos.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-update-repos.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-update-repos.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-update-repos.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-update-repos.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-update-repos.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-update-repos.yml:251: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/release-update-repos.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale-issues.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/stale-issues.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-integration-reusable.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/tests-integration-reusable.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-integration-reusable.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/tests-integration-reusable.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-integration-reusable.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/tests-integration-reusable.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-integration-reusable.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/tests-integration-reusable.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-integration.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/tests-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-integration.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/tests-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-integration.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/tests-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-integration.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/tests-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-integration.yml:259: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/tests-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-unit.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/tests-unit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-unit.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/tests-unit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/util-code-quality.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/util-code-quality.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/util-code-quality.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/util-code-quality.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/util-code-quality.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/util-code-quality.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/util-code-quality.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/cli/util-code-quality.yml/main?enable=pin
Warn: containerImage not pinned by hash: .github/win/innosetup/Dockerfile:4: pin your Docker image by updating mcr.microsoft.com/windows/servercore:ltsc2019 to mcr.microsoft.com/windows/servercore:ltsc2019@sha256:0cb5fd75c08e7246afc6cc16bfe769d91af54fdb72ca58df150ebf5e3a2972ad
Warn: chocoCommand not pinned by hash: .github/win/innosetup/Dockerfile:19
Warn: goCommand not pinned by hash: bin/generate-language-resources:5
Info: 0 out of 59 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 7 third-party GitHubAction dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 0 out of 1 chocoCommand dependencies pinned