Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/back-to-development.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/back-to-development.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/back-to-development.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/back-to-development.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-binary-size.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-binary-size.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-binary-size.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-binary-size.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-binary-size.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-binary-size.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-ci.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/buf-ci.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-draft-release.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/build-and-draft-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-draft-release.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/build-and-draft-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-draft-release.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/build-and-draft-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release-pr.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/create-release-pr.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release-pr.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/create-release-pr.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/make-upgrade.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/make-upgrade.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/make-upgrade.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/make-upgrade.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/make-upgrade.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/make-upgrade.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/previous.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/previous.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/previous.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/previous.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/previous.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/previous.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-changelog.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/verify-changelog.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/windows.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/windows.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/windows.yaml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile.buf:1
Warn: containerImage not pinned by hash: Dockerfile.buf:16: pin your Docker image by updating alpine:3.22.0 to alpine:3.22.0@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: make/buf/docker/Dockerfile.release:1: pin your Docker image by updating golang:1.24-bookworm to golang:1.24-bookworm@sha256:7b25b1ea217e0a56060953b3d4859134ecbe757d7434f7ce4756e0c25aad1ef0
Info: 0 out of 34 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 12 third-party GitHubAction dependencies pinned
Info: 0 out of 3 containerImage dependencies pinned
Info: 1 out of 1 goCommand dependencies pinned