Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/docker.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/docker.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/docker.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/docker.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/docker.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/docker.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hub.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/hub.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/hub.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/hub.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/hub.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/hub.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/hub.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/hub.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/hub.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/hub.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/hub.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/hub.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/pr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/pr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/pr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/micro/micro/tests.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:13: pin your Docker image by updating alpine:3.18 to alpine:3.18@sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f
Warn: containerImage not pinned by hash: test/Dockerfile:1: pin your Docker image by updating alpine:3.12.1 to alpine:3.12.1@sha256:c0e9560cda118f9ec63ddefb4a173a2b2a0347082d7dff7dc14272e7841a5b5a
Warn: containerImage not pinned by hash: test/Dockerfile-kind:1: pin your Docker image by updating alpine:3.12.1 to alpine:3.12.1@sha256:c0e9560cda118f9ec63ddefb4a173a2b2a0347082d7dff7dc14272e7841a5b5a
Warn: containerImage not pinned by hash: test/dep-test/dep-test-service/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: goCommand not pinned by hash: test/Dockerfile:20
Warn: goCommand not pinned by hash: test/Dockerfile:21
Warn: pipCommand not pinned by hash: scripts/generate-clients.sh:24
Warn: npmCommand not pinned by hash: scripts/generate-clients.sh:25
Warn: downloadThenRun not pinned by hash: scripts/generate-clients.sh:26
Warn: goCommand not pinned by hash: scripts/gomod.sh:10
Warn: goCommand not pinned by hash: scripts/kind-prereqs.sh:10
Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 12 third-party GitHubAction dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned
Info: 5 out of 9 goCommand dependencies pinned