Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:274: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:291: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:308: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:325: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-publish.yaml:342: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/docker-build-publish.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main-branch-push.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/main-branch-push.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main-branch-push.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/main-branch-push.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main-branch-push.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/main-branch-push.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main-branch-push.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/main-branch-push.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ossrh-publish.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/ossrh-publish.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ossrh-publish.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/ossrh-publish.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ossrh-publish.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/ossrh-publish.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ossrh-publish.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/ossrh-publish.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ossrh-publish.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/ossrh-publish.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ossrh-publish.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/ossrh-publish.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/AthenZ/athenz/pull-request.yaml/master?enable=pin
Warn: containerImage not pinned by hash: docker/db/zms/Dockerfile:1: pin your Docker image by updating mariadb:10.5.13 to mariadb:10.5.13@sha256:5de92aeb70c440cf8622f391a08299281be870961c84a8450e037507ff0b283a
Warn: containerImage not pinned by hash: docker/db/zts/Dockerfile:1: pin your Docker image by updating mariadb:10.5.13 to mariadb:10.5.13@sha256:5de92aeb70c440cf8622f391a08299281be870961c84a8450e037507ff0b283a
Warn: containerImage not pinned by hash: docker/setup-scripts/Dockerfile:1
Warn: containerImage not pinned by hash: docker/setup-scripts/Dockerfile:3: pin your Docker image by updating eclipse-temurin:17-jre-focal to eclipse-temurin:17-jre-focal@sha256:084f4944e5f6472583ce1fc319a704e5c441cebcd55ac27b1bf31bd3878bc1f1
Warn: containerImage not pinned by hash: docker/ui/Dockerfile:1
Warn: containerImage not pinned by hash: docker/ui/Dockerfile:29: pin your Docker image by updating node:hydrogen-alpine to node:hydrogen-alpine@sha256:974afb6cbc0314dc6502b14243b8a39fbb2d04d975e9059dd066be3e274fbb25
Warn: containerImage not pinned by hash: docker/util/Dockerfile:1
Warn: containerImage not pinned by hash: docker/util/athenz-builder/Dockerfile:1
Warn: containerImage not pinned by hash: docker/util/athenz-mvn-base/Dockerfile:3
Warn: containerImage not pinned by hash: docker/util/athenz-mvn-base/Dockerfile:5
Warn: containerImage not pinned by hash: docker/util/athenz-mvn-base/Dockerfile:7
Warn: containerImage not pinned by hash: docker/util/athenz-mvn-base/Dockerfile:9
Warn: containerImage not pinned by hash: docker/util/athenz-mvn-base/Dockerfile:11
Warn: containerImage not pinned by hash: docker/util/rdl-athenz-go-model/Dockerfile:1
Warn: containerImage not pinned by hash: docker/util/rdl-athenz-java-client/Dockerfile:1
Warn: containerImage not pinned by hash: docker/util/rdl-athenz-java-model/Dockerfile:1
Warn: containerImage not pinned by hash: docker/util/rdl-athenz-server/Dockerfile:1
Warn: containerImage not pinned by hash: docker/zms/Dockerfile:1
Warn: containerImage not pinned by hash: docker/zms/Dockerfile:3: pin your Docker image by updating eclipse-temurin:17-jre-focal to eclipse-temurin:17-jre-focal@sha256:084f4944e5f6472583ce1fc319a704e5c441cebcd55ac27b1bf31bd3878bc1f1
Warn: containerImage not pinned by hash: docker/zts/Dockerfile:1
Warn: containerImage not pinned by hash: docker/zts/Dockerfile:3: pin your Docker image by updating eclipse-temurin:17-jre-focal to eclipse-temurin:17-jre-focal@sha256:084f4944e5f6472583ce1fc319a704e5c441cebcd55ac27b1bf31bd3878bc1f1
Warn: npmCommand not pinned by hash: docker/ui/Dockerfile:9
Warn: goCommand not pinned by hash: docker/util/Dockerfile:40-43
Warn: goCommand not pinned by hash: docker/util/rdl-athenz-go-model/Dockerfile:10-11
Warn: goCommand not pinned by hash: docker/util/rdl-athenz-go-model/Dockerfile:15-16
Warn: goCommand not pinned by hash: docker/util/rdl-athenz-java-client/Dockerfile:10-11
Warn: goCommand not pinned by hash: docker/util/rdl-athenz-java-client/Dockerfile:15-16
Warn: goCommand not pinned by hash: docker/util/rdl-athenz-java-model/Dockerfile:10-11
Warn: goCommand not pinned by hash: docker/util/rdl-athenz-java-model/Dockerfile:15-16
Warn: goCommand not pinned by hash: docker/util/rdl-athenz-server/Dockerfile:10-11
Warn: goCommand not pinned by hash: docker/util/rdl-athenz-server/Dockerfile:15-16
Warn: pipCommand not pinned by hash: archive/travis/mkdocs.sh:4
Warn: pipCommand not pinned by hash: archive/travis/mkdocs.sh:5
Warn: pipCommand not pinned by hash: archive/travis/mkdocs.sh:6
Warn: goCommand not pinned by hash: clients/java/msd/scripts/make_stubs.sh:23
Warn: goCommand not pinned by hash: clients/java/zms/scripts/make_stubs.sh:20
Warn: goCommand not pinned by hash: clients/java/zts/scripts/make_stubs.sh:20
Warn: goCommand not pinned by hash: core/msd/scripts/make_stubs.sh:22
Warn: goCommand not pinned by hash: core/zms/scripts/make_stubs.sh:20
Warn: goCommand not pinned by hash: core/zts/scripts/make_stubs.sh:20
Warn: goCommand not pinned by hash: rdl/rdl-gen-athenz-go-client/make_generator.sh:31
Warn: goCommand not pinned by hash: rdl/rdl-gen-athenz-go-model/make_generator.sh:31
Warn: goCommand not pinned by hash: rdl/rdl-gen-athenz-java-client/make_generator.sh:31
Warn: goCommand not pinned by hash: rdl/rdl-gen-athenz-java-model/make_generator.sh:31
Warn: goCommand not pinned by hash: rdl/rdl-gen-athenz-server/make_generator.sh:36
Warn: goCommand not pinned by hash: servers/zms/scripts/make_stubs.sh:20
Warn: goCommand not pinned by hash: servers/zts/scripts/make_stubs.sh:22
Info: 0 out of 21 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 19 third-party GitHubAction dependencies pinned
Info: 0 out of 3 pipCommand dependencies pinned
Info: 0 out of 21 containerImage dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned
Info: 0 out of 22 goCommand dependencies pinned