Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/release-docker-images.yml:83
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/codeql.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/codeql.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/codeql.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/codeql.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/codeql.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conventional_commits.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/conventional_commits.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/conventional_commits.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/conventional_commits.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/golangci-lint.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/golangci-lint.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/golangci-lint.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_management.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/project_management.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_management.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/project_management.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_management.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/project_management.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_management.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/project_management.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_management.yml:379: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/project_management.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/project_management.yml:382: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/project_management.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-binaries.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-binaries.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-binaries.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-binaries.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-binaries.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-binaries.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-binaries.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-binaries.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-binaries.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-binaries.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-binaries.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-binaries.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-binaries.yml:205: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-binaries.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-binaries.yml:265: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-binaries.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-binaries.yml:271: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-binaries.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-binaries.yml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-binaries.yml/develop?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-docker-images.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-docker-images.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-docker-images.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-docker-images.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-docker-images.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-docker-images.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-docker-images.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-docker-images.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-docker-images.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-docker-images.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-docker-images.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-docker-images.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-docker-images.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-docker-images.yml/develop?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-docker-images.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/vegaprotocol/vega/release-docker-images.yml/develop?enable=pin
Warn: containerImage not pinned by hash: docker/Dockerfile:1
Warn: containerImage not pinned by hash: docker/Dockerfile:2
Warn: containerImage not pinned by hash: docker/Dockerfile:4: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b
Warn: containerImage not pinned by hash: docker/data-node.dockerfile:1
Warn: containerImage not pinned by hash: docker/data-node.dockerfile:8: pin your Docker image by updating alpine:3.16 to alpine:3.16@sha256:452e7292acee0ee16c332324d7de05fa2c99f9994ecc9f0779c602916a672ae4
Warn: containerImage not pinned by hash: docker/vega.dockerfile:1
Warn: containerImage not pinned by hash: docker/vega.dockerfile:8: pin your Docker image by updating alpine:3.16 to alpine:3.16@sha256:452e7292acee0ee16c332324d7de05fa2c99f9994ecc9f0779c602916a672ae4
Warn: containerImage not pinned by hash: docker/vegawallet.dockerfile:1
Warn: containerImage not pinned by hash: docker/vegawallet.dockerfile:7: pin your Docker image by updating alpine:3.16 to alpine:3.16@sha256:452e7292acee0ee16c332324d7de05fa2c99f9994ecc9f0779c602916a672ae4
Info: 0 out of 20 GitHub-owned GitHubAction dependencies pinned
Info: 3 out of 17 third-party GitHubAction dependencies pinned
Info: 0 out of 9 containerImage dependencies pinned