Info: Possibly incomplete results: error parsing shell code: not a valid arithmetic operator: branch: .github/workflows/client-report-app-version.yaml:141
Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-get-chart-release.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-get-chart-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-get-chart-release.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-get-chart-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-get-environment.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-get-environment.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-get-environment.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-get-environment.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-refresh-environment.yaml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-refresh-environment.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-refresh-environment.yaml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-refresh-environment.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-refresh-environment.yaml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-refresh-environment.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-report-app-version.yaml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-report-app-version.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-report-app-version.yaml:239: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-report-app-version.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-report-app-version.yaml:251: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-report-app-version.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-report-chart-version.yaml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-report-chart-version.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-report-chart-version.yaml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-report-chart-version.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-report-chart-version.yaml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-report-chart-version.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-report-workflow.yaml:216: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-report-workflow.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-report-workflow.yaml:280: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-report-workflow.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-report-workflow.yaml:292: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-report-workflow.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-set-environment-app-version.yaml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-set-environment-app-version.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-set-environment-app-version.yaml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-set-environment-app-version.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-set-environment-app-version.yaml:222: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-set-environment-app-version.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-set-environment-chart-version.yaml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-set-environment-chart-version.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-set-environment-chart-version.yaml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-set-environment-chart-version.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-set-environment-chart-version.yaml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/client-set-environment-chart-version.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:233: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:253: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:261: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-build.yaml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-check-api-diff.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-check-api-diff.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-check-api-diff.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-check-api-diff.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-check-api-diff.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-check-api-diff.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-check-api-diff.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-check-api-diff.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-check-api-diff.yaml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-check-api-diff.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-check-dependency-review.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-check-dependency-review.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-check-dependency-review.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-check-dependency-review.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-check-lint.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-check-lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-check-lint.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-check-lint.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-check-lint.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-check-lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-check-test.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-check-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-check-test.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-check-test.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-check-test.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-check-test.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-container-scan.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-container-scan.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-container-scan.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-container-scan.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-container-scan.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-container-scan.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-dependabot-automerge.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-dependabot-automerge.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-deploy-webhook-proxy.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-deploy-webhook-proxy.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-deploy-webhook-proxy.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-deploy-webhook-proxy.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-deploy-webhook-proxy.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-deploy-webhook-proxy.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-deploy-webhook-proxy.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-deploy-webhook-proxy.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-deploy-webhook-proxy.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-deploy-webhook-proxy.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sherlock-test-auth-transparency.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-test-auth-transparency.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sherlock-test-auth-transparency.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/broadinstitute/sherlock/sherlock-test-auth-transparency.yaml/main?enable=pin
Warn: containerImage not pinned by hash: sherlock/Dockerfile:17
Warn: containerImage not pinned by hash: sherlock/Dockerfile:34
Warn: goCommand not pinned by hash: sherlock/Dockerfile:30-32
Warn: npmCommand not pinned by hash: .github/workflows/sherlock-build.yaml:171
Info: 0 out of 27 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 33 third-party GitHubAction dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned