Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-helm-chart.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/publish-helm-chart.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-snapshot.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release-snapshot.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-snapshot.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release-snapshot.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-snapshot.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release-snapshot.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-snapshot.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release-snapshot.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-snapshot.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release-snapshot.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-snapshot.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release-snapshot.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-snapshot.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release-snapshot.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-snapshot.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release-snapshot.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:191: update your workflow using https://app.stepsecurity.io/secureworkflow/aquasecurity/starboard/release.yaml/main?enable=pin
Warn: containerImage not pinned by hash: build/mkdocs-material/Dockerfile:1: pin your Docker image by updating squidfunk/mkdocs-material:8.2.7 to squidfunk/mkdocs-material:8.2.7@sha256:63b7eefc788ee83928a75d32f10493a347e63a00d569d26ed0ebf98df9c44f63
Warn: containerImage not pinned by hash: build/scanner-aqua/Dockerfile:1: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: build/starboard-operator/Dockerfile:1: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: build/starboard-operator/Dockerfile.fips:1: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: build/starboard-operator/Dockerfile.fips.ubi8:1: pin your Docker image by updating registry.access.redhat.com/ubi8/ubi-minimal to registry.access.redhat.com/ubi8/ubi-minimal@sha256:fceb1f445ccd61a60d91d404fd76dbebaf3403e6cc2219cf6d6af4fd4bf7df6a
Warn: containerImage not pinned by hash: build/starboard-operator/Dockerfile.fips.ubi9:1: pin your Docker image by updating registry.access.redhat.com/ubi9/ubi-minimal to registry.access.redhat.com/ubi9/ubi-minimal@sha256:383329bf9c4f968e87e85d30ba3a5cb988a3bbde28b8e4932dcd3a025fd9c98c
Warn: containerImage not pinned by hash: build/starboard-operator/Dockerfile.ubi8:1: pin your Docker image by updating registry.access.redhat.com/ubi8/ubi-minimal to registry.access.redhat.com/ubi8/ubi-minimal@sha256:fceb1f445ccd61a60d91d404fd76dbebaf3403e6cc2219cf6d6af4fd4bf7df6a
Warn: containerImage not pinned by hash: build/starboard-operator/Dockerfile.ubi9:1: pin your Docker image by updating registry.access.redhat.com/ubi9/ubi-minimal to registry.access.redhat.com/ubi9/ubi-minimal@sha256:383329bf9c4f968e87e85d30ba3a5cb988a3bbde28b8e4932dcd3a025fd9c98c
Warn: containerImage not pinned by hash: build/starboard/Dockerfile:1: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: pipCommand not pinned by hash: build/mkdocs-material/Dockerfile:3
Warn: pipCommand not pinned by hash: build/mkdocs-material/Dockerfile:4
Warn: pipCommand not pinned by hash: .github/workflows/publish-docs.yaml:33
Warn: pipCommand not pinned by hash: .github/workflows/publish-docs.yaml:34
Warn: pipCommand not pinned by hash: .github/workflows/publish-docs.yaml:35
Info: 4 out of 28 GitHub-owned GitHubAction dependencies pinned
Info: 7 out of 30 third-party GitHubAction dependencies pinned
Info: 0 out of 9 containerImage dependencies pinned
Info: 0 out of 5 pipCommand dependencies pinned