Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actionlint.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/actionlint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/azure-e2e-test.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-e2e-test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/azure-e2e-test.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-e2e-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/azure-e2e-test.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-e2e-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/azure-e2e-test.yml:205: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-e2e-test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/azure-e2e-test.yml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-e2e-test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/azure-e2e-test.yml:261: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-e2e-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/azure-e2e-test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-e2e-test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/azure-e2e-test.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-e2e-test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/azure-e2e-test.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-e2e-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/azure-e2e-test.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-e2e-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/azure-e2e-test.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-e2e-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/azure-e2e-test.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-e2e-test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/azure-e2e-test.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-e2e-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/azure-podvm-image-build.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-podvm-image-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/azure-podvm-image-build.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-podvm-image-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/azure-podvm-image-build.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/azure-podvm-image-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-golang-fedora.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build-golang-fedora.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-golang-fedora.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build-golang-fedora.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-golang-fedora.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build-golang-fedora.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-golang-fedora.yaml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build-golang-fedora.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-golang-fedora.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build-golang-fedora.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-golang-fedora.yaml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build-golang-fedora.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/caa_build_and_push.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/caa_build_and_push.yaml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/caa_build_and_push.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/caa_build_and_push.yaml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/caa_build_and_push.yaml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/caa_build_and_push.yaml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/caa_build_and_push_per_arch.yaml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/caa_build_and_push_per_arch.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit-message-check.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/commit-message-check.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit-message-check.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/commit-message-check.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit-message-check.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/commit-message-check.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit-message-check.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/commit-message-check.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit-message-check.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/commit-message-check.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csi_wrapper_images.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/csi_wrapper_images.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csi_wrapper_images.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/csi_wrapper_images.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/csi_wrapper_images.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/csi_wrapper_images.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/csi_wrapper_images.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/csi_wrapper_images.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/csi_wrapper_images.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/csi_wrapper_images.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/csi_wrapper_images.yaml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/csi_wrapper_images.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/daily-e2e-tests-ibmcloud.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/daily-e2e-tests-ibmcloud.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/daily-e2e-tests-ibmcloud.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/daily-e2e-tests-ibmcloud.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_libvirt.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/e2e_libvirt.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_libvirt.yaml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/e2e_libvirt.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e_libvirt.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/e2e_libvirt.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_run_all.yaml:227: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/e2e_run_all.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_run_all.yaml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/e2e_run_all.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_run_all.yaml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/e2e_run_all.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lib-codeql.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lib-codeql.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lib-codeql.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lib-codeql.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lib-codeql.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lib-codeql.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lib-codeql.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lib-codeql.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/links.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/links.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/links.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/links.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/links.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/links.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/peerpod-ctrl_image.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/peerpod-ctrl_image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/peerpod-ctrl_image.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/peerpod-ctrl_image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/peerpod-ctrl_image.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/peerpod-ctrl_image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/peerpod-ctrl_image.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/peerpod-ctrl_image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/peerpod-ctrl_image.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/peerpod-ctrl_image.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/podvm.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/podvm_binaries.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_binaries.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm_binaries.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_binaries.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm_binaries.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_binaries.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm_binaries.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_binaries.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm_binaries.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_binaries.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/podvm_builder.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_builder.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm_builder.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_builder.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm_builder.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_builder.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm_builder.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_builder.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm_builder.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_builder.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/podvm_mkosi.yaml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_mkosi.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm_mkosi.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_mkosi.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm_mkosi.yaml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_mkosi.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm_mkosi.yaml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_mkosi.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm_mkosi.yaml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_mkosi.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/podvm_mkosi.yaml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_mkosi.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/podvm_mkosi.yaml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/podvm_mkosi.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/stale.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-images.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/test-images.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-images.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/test-images.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-images.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/test-images.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-images.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/test-images.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-images.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/test-images.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-images.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/test-images.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/webhook_image.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/webhook_image.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/webhook_image.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/webhook_image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/webhook_image.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/webhook_image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/webhook_image.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/webhook_image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/webhook_image.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/confidential-containers/cloud-api-adaptor/webhook_image.yaml/main?enable=pin
Warn: containerImage not pinned by hash: hack/Dockerfile.golang:4
Warn: containerImage not pinned by hash: hack/Dockerfile.golang:14
Warn: containerImage not pinned by hash: hack/Dockerfile.golang:17
Warn: containerImage not pinned by hash: hack/Dockerfile.golang:20
Warn: containerImage not pinned by hash: hack/Dockerfile.golang:23
Warn: containerImage not pinned by hash: hack/Dockerfile.golang:27
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/Dockerfile:10
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/Dockerfile:16
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/Dockerfile:21
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/Dockerfile:41
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/Dockerfile:54
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/Dockerfile:60
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/Dockerfile:63
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/aws/image/Dockerfile:12
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/aws/image/Dockerfile:13
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/azure/image/Dockerfile:11
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/azure/image/Dockerfile:12
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/podvm-mkosi/Dockerfile.podvm_docker_provider:4
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/podvm/Dockerfile.podvm:12
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/podvm/Dockerfile.podvm:13
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/podvm/Dockerfile.podvm.rhel:10
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/podvm/Dockerfile.podvm.rhel:11
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries:9
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries.fedora:8
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries.fedora:53
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries.rhel:9
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries.rhel:43: pin your Docker image by updating registry.access.redhat.com/ubi9/ubi:9.4 to registry.access.redhat.com/ubi9/ubi:9.4@sha256:ee0b908e958a1822afc57e5d386d1ea128eebe492cb2e01b6903ee19c133ea75
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/podvm/Dockerfile.podvm_builder:9: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/podvm/Dockerfile.podvm_builder.rhel:9: pin your Docker image by updating registry.access.redhat.com/ubi9/ubi:9.4 to registry.access.redhat.com/ubi9/ubi:9.4@sha256:ee0b908e958a1822afc57e5d386d1ea128eebe492cb2e01b6903ee19c133ea75
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/test/e2e/fixtures/Dockerfile.curl-jq:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:b97e2a89d0b9e4011bb88c02ddf01c544b8c781acf1f4d559e7c8f12f1047ac3
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/test/e2e/fixtures/Dockerfile.largeimage:1: pin your Docker image by updating alpine:3.17 to alpine:3.17@sha256:8fc3dacfb6d69da8d44e42390de777e48577085db99aa4e4af35f483eb08b989
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/test/e2e/fixtures/Dockerfile.testenv:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:b97e2a89d0b9e4011bb88c02ddf01c544b8c781acf1f4d559e7c8f12f1047ac3
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/test/e2e/fixtures/Dockerfile.testuser:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:b97e2a89d0b9e4011bb88c02ddf01c544b8c781acf1f4d559e7c8f12f1047ac3
Warn: containerImage not pinned by hash: src/cloud-api-adaptor/test/e2e/fixtures/Dockerfile.testworkdir:1
Warn: containerImage not pinned by hash: src/csi-wrapper/Dockerfile.csi_wrappers:10
Warn: containerImage not pinned by hash: src/csi-wrapper/Dockerfile.csi_wrappers:16
Warn: containerImage not pinned by hash: src/csi-wrapper/Dockerfile.csi_wrappers:27
Warn: containerImage not pinned by hash: src/csi-wrapper/Dockerfile.csi_wrappers:33: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b
Warn: containerImage not pinned by hash: src/peerpod-ctrl/Dockerfile:2
Warn: containerImage not pinned by hash: src/peerpod-ctrl/Dockerfile:33: pin your Docker image by updating registry.fedoraproject.org/fedora:40 to registry.fedoraproject.org/fedora:40@sha256:33653bed5806405256522128ad22df8bef3e0eadc7b57123f3b82b8cc33868d0
Warn: containerImage not pinned by hash: src/webhook/Dockerfile:2
Warn: containerImage not pinned by hash: src/webhook/Dockerfile:24: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6cd937e9155bdfd805d1b94e037f9d6a899603306030936a3b11680af0c2ed58
Warn: downloadThenRun not pinned by hash: src/cloud-api-adaptor/azure/image/Dockerfile:49
Warn: pipCommand not pinned by hash: src/cloud-api-adaptor/libvirt/config_libvirt.sh:90
Warn: downloadThenRun not pinned by hash: .github/workflows/azure-e2e-test.yml:196
Warn: downloadThenRun not pinned by hash: .github/workflows/daily-e2e-tests-ibmcloud.yaml:38
Warn: downloadThenRun not pinned by hash: .github/workflows/daily-e2e-tests-ibmcloud.yaml:40
Warn: downloadThenRun not pinned by hash: .github/workflows/e2e_libvirt.yaml:140
Warn: downloadThenRun not pinned by hash: .github/workflows/e2e_run_all.yaml:141
Warn: goCommand not pinned by hash: .github/workflows/lint.yaml:141
Info: 0 out of 65 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 66 third-party GitHubAction dependencies pinned
Info: 2 out of 3 goCommand dependencies pinned
Info: 0 out of 42 containerImage dependencies pinned
Info: 0 out of 6 downloadThenRun dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned