Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/nightly.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cleanup.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/release-cleanup.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/snapshot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/snapshot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/snapshot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/snapshot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/snapshot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/snapshot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/snapshot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/snapshot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/snapshot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/validate.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/validate.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/validate.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/citrusframework/yaks/validate.yml/main?enable=pin
Warn: containerImage not pinned by hash: build/Dockerfile:17: pin your Docker image by updating eclipse-temurin:17 to eclipse-temurin:17@sha256:7fccb2a944c8caed3a1f7e56a02ca52cebe5a95e06cb3e4fd35e26b9a6e7dfeb
Info: 0 out of 40 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 5 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned