Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/check-generated.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/check-generated.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/check-generated.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/check-generated.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cometbft-docker.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/cometbft-docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cometbft-docker.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/cometbft-docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cometbft-docker.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/cometbft-docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cometbft-docker.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/cometbft-docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cometbft-docker.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/cometbft-docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/conventional-pr-title.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/conventional-pr-title.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/conventional-pr-title.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/conventional-pr-title.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/conventional-pr-title.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/conventional-pr-title.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-toc.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/docs-toc.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-long-main.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-long-main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-long-main.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-long-main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-long-main.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-long-main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-manual-debug.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-manual-debug.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-manual-debug.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-manual-debug.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-manual-multiversion.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-manual-multiversion.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-manual-multiversion.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-manual-multiversion.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-manual.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-manual.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-manual.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-manual.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-nightly-1x.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-nightly-1x.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-nightly-1x.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-nightly-1x.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-nightly-1x.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-nightly-1x.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-nightly-38x.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-nightly-38x.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-nightly-38x.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-nightly-38x.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-nightly-38x.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-nightly-38x.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-nightly-main.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-nightly-main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-nightly-main.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-nightly-main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-nightly-main.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e-nightly-main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz-nightly.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/fuzz-nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz-nightly.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/fuzz-nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz-nightly.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/fuzz-nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz-nightly.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/fuzz-nightly.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/fuzz-nightly.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/fuzz-nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/govulncheck.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/govulncheck.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/govulncheck.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/govulncheck.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration_tests.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/integration_tests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration_tests.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/integration_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration_tests.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/integration_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/markdown-linter.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/markdown-linter.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/markdown-linter.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/markdown-linter.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/notify-about-breaking-changes.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/notify-about-breaking-changes.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/notify-about-breaking-changes.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/notify-about-breaking-changes.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/pre-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/pre-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pre-release.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/pre-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pre-release.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/pre-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/proto-lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/proto-lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/proto-lint.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/proto-lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/proto-lint.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/proto-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-version.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/release-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-version.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/release-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/stale.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-slack-notification.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/test-slack-notification.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testapp-docker.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/testapp-docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/testapp-docker.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/testapp-docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/testapp-docker.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/testapp-docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/testapp-docker.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/testapp-docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/testapp-docker.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/testapp-docker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/tests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/cometbft/cometbft/tests.yml/main?enable=pin
Warn: containerImage not pinned by hash: DOCKER/Dockerfile:6
Warn: containerImage not pinned by hash: DOCKER/Dockerfile:16
Warn: containerImage not pinned by hash: DOCKER/Dockerfile.testing:1: pin your Docker image by updating golang:latest to golang:latest@sha256:927112936d6b496ed95f55f362cc09da6e3e624ef868814c56d55bd7323e0959
Warn: containerImage not pinned by hash: spec/ivy-proofs/Dockerfile:2: pin your Docker image by updating debian:buster to debian:buster@sha256:58ce6f1271ae1c8a2006ff7d3e54e9874d839f573d8009c20154ad0f2fb0a225
Warn: containerImage not pinned by hash: test/e2e/docker/Dockerfile:4: pin your Docker image by updating cometbft/cometbft-db-testing:v1.0.2 to cometbft/cometbft-db-testing:v1.0.2@sha256:8f791123a298949196b64cc5cde9aa46a0cb421a811422ba981ff0737fb70905
Warn: containerImage not pinned by hash: test/e2e/docker/Dockerfile.debug:4: pin your Docker image by updating cometbft/cometbft-db-testing:v1.0.2 to cometbft/cometbft-db-testing:v1.0.2@sha256:8f791123a298949196b64cc5cde9aa46a0cb421a811422ba981ff0737fb70905
Warn: containerImage not pinned by hash: test/e2e/docker/Dockerfile.fast:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: pipCommand not pinned by hash: spec/ivy-proofs/Dockerfile:31
Warn: goCommand not pinned by hash: test/e2e/docker/Dockerfile.debug:8
Warn: goCommand not pinned by hash: test/fuzz/oss-fuzz-build.sh:16
Warn: goCommand not pinned by hash: .github/workflows/fuzz-nightly.yml:30
Info: 0 out of 52 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 30 third-party GitHubAction dependencies pinned
Info: 0 out of 7 containerImage dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned
Info: 1 out of 4 goCommand dependencies pinned