Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/br_compatible_test.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/br_compatible_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/br_compatible_test.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/br_compatible_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/br_compatible_test.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/br_compatible_test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bug-closed.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/bug-closed.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bug-closed.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/bug-closed.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compile_br.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/compile_br.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compile_br.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/compile_br.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compile_br.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/compile_br.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compile_br.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/compile_br.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compile_br.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/compile_br.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compile_br.yaml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/compile_br.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dumpling_integration_test.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/dumpling_integration_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dumpling_integration_test.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/dumpling_integration_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dumpling_integration_test.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/dumpling_integration_test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dumpling_integration_test.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/dumpling_integration_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dumpling_integration_test.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/dumpling_integration_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dumpling_integration_test.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/dumpling_integration_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dumpling_integration_test.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/dumpling_integration_test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dumpling_integration_test.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/dumpling_integration_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dumpling_integration_test.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/dumpling_integration_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dumpling_integration_test.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/dumpling_integration_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dumpling_integration_test.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/dumpling_integration_test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dumpling_integration_test.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/dumpling_integration_test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/labeler.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/labeler.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license-checker.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/license-checker.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/license-checker.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Al-assad/tidb/license-checker.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:16
Warn: containerImage not pinned by hash: Dockerfile:43: pin your Docker image by updating alpine to alpine@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: containerImage not pinned by hash: br/docker/Dockerfile:2
Warn: containerImage not pinned by hash: br/docker/Dockerfile:9
Warn: containerImage not pinned by hash: br/docker/Dockerfile:11: pin your Docker image by updating golang:1.16.4-buster to golang:1.16.4-buster@sha256:fc58cc5aaeb7fe258a7d31450e8d0480dd2cb07e4c6fd9bf2a09b464ce0e379c
Info: 0 out of 19 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 7 third-party GitHubAction dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned