Warn: third-party GitHubAction not pinned by hash: .github/workflows/closed-issue-message.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/closed-issue-message.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codegen.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/codegen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codegen.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/codegen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codegen.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/codegen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/go.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/handle-stale-discussions.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/handle-stale-discussions.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/integration-tests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/integration-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-regression-labeler.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/issue-regression-labeler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license-check.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/license-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license-check.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/license-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license-check.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/license-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license-check.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/license-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/snapshot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/snapshot.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/stale_issue.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-sdk-go-v2/stale_issue.yml/main?enable=pin
Warn: containerImage not pinned by hash: internal/awstesting/sandbox/Dockerfile.golang-tip:4: pin your Docker image by updating buildpack-deps:buster-scm to buildpack-deps:buster-scm@sha256:17f1d5354613314ba0e249292483a3a3f13434bee5dea58a61e338e11f4bcacc
Warn: containerImage not pinned by hash: internal/awstesting/sandbox/Dockerfile.test.gotip:1
Warn: containerImage not pinned by hash: internal/awstesting/sandbox/Dockerfile.test.goversion:2
Warn: goCommand not pinned by hash: .github/workflows/go.yml:40
Warn: goCommand not pinned by hash: .github/workflows/go.yml:68
Info: 0 out of 16 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 5 third-party GitHubAction dependencies pinned
Info: 0 out of 2 goCommand dependencies pinned
Info: 0 out of 3 containerImage dependencies pinned