Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: parts/linux/cloud-init/artifacts/cse_cmd.sh:0
Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-update.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/auto-update.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/buf.yaml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/buf.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/buf.yaml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cflite_build.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/cflite_build.yaml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cflite_prune.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/cflite_prune.yaml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cflite_prune.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/cflite_prune.yaml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cflite_prune.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/cflite_prune.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-coverage.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/check-coverage.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-coverage.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/check-coverage.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-coverage.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/check-coverage.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-coverage.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/check-coverage.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-coverage.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/check-coverage.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/codeql-analysis.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/codeql-analysis.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/codeql-analysis.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/codeql-analysis.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/generate-kubelet-flags.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/generate-kubelet-flags.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-kubelet-flags.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/generate-kubelet-flags.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-test.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/go-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-test.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/go-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/golangci-lint.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/golangci-lint.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/golangci-lint.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shellcheck.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/shellcheck.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shellcheck.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/shellcheck.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shellspec.yaml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/shellspec.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shellspec.yaml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/shellspec.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate-components.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/validate-components.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate-components.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/validate-components.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate-image-version.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/validate-image-version.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate-windows-binary-signature.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/validate-windows-binary-signature.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate-windows-binary-signature.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/validate-windows-binary-signature.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate-windows-ut.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/AgentBaker/validate-windows-ut.yml/dev?enable=pin
Warn: containerImage not pinned by hash: aks-node-controller/protoc.Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/azurelinux/base/core:3.0 to mcr.microsoft.com/azurelinux/base/core:3.0@sha256:07540f424a12aa58f0de61aab38e9670c82f16b35a2ba3e449309596d422109b
Warn: pipCommand not pinned by hash: vhdbuilder/packer/test/linux-vhd-content-test.sh:963
Warn: pipCommand not pinned by hash: vhdbuilder/packer/trivy-scan.sh:68
Warn: goCommand not pinned by hash: .github/workflows/validate-components.yml:19
Info: 0 out of 22 GitHub-owned GitHubAction dependencies pinned
Info: 3 out of 14 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 0 out of 2 pipCommand dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned