Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check_cirrus_cron.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/check_cirrus_cron.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check_cirrus_cron.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/check_cirrus_cron.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check_cirrus_cron.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/check_cirrus_cron.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check_cirrus_cron.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/check_cirrus_cron.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev-bump.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/dev-bump.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev-bump.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/dev-bump.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-labeler.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/issue-labeler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_pr_lock.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/issue_pr_lock.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue_pr_lock.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/issue_pr_lock.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue_pr_lock.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/issue_pr_lock.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labeler.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/labeler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mac-pkg.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/mac-pkg.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mac-pkg.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/mac-pkg.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mac-pkg.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/mac-pkg.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/machine-os-pr.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/machine-os-pr.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/machine-os-pr.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/machine-os-pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-artifacts.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release-artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-artifacts.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release-artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-artifacts.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release-artifacts.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-artifacts.yml:238: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release-artifacts.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:338: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:262: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/stale.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-podmanio.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/update-podmanio.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-win-installer.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/upload-win-installer.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-win-installer.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/upload-win-installer.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/upload-win-installer.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/upload-win-installer.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-win-installer.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/upload-win-installer.yml/main?enable=pin
Warn: containerImage not pinned by hash: test/build/from-multiple-files/Dockerfile1.alpine:1: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: test/build/from-multiple-files/Dockerfile2.glob:1: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: test/build/from-multiple-files/Dockerfile2.withfrom:1: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: test/build/preserve-volumes/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: test/build/volume-perms/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: test/compose/env_and_volume/read/Dockerfile:1: pin your Docker image by updating quay.io/libpod/podman_python to quay.io/libpod/podman_python@sha256:b8cb8a86b0deb6ba0a9bb602b36bc61be41a0854c530a01c3a2582b77a6ed11a
Warn: containerImage not pinned by hash: test/compose/env_and_volume/write/Dockerfile:1: pin your Docker image by updating quay.io/libpod/podman_python to quay.io/libpod/podman_python@sha256:b8cb8a86b0deb6ba0a9bb602b36bc61be41a0854c530a01c3a2582b77a6ed11a
Warn: containerImage not pinned by hash: test/compose/mount_and_label/frontend/Dockerfile:1: pin your Docker image by updating quay.io/libpod/podman_python to quay.io/libpod/podman_python@sha256:b8cb8a86b0deb6ba0a9bb602b36bc61be41a0854c530a01c3a2582b77a6ed11a
Warn: containerImage not pinned by hash: test/compose/port_map_diff_port/frontend/Dockerfile:1: pin your Docker image by updating quay.io/libpod/podman_python to quay.io/libpod/podman_python@sha256:b8cb8a86b0deb6ba0a9bb602b36bc61be41a0854c530a01c3a2582b77a6ed11a
Warn: containerImage not pinned by hash: test/compose/simple_port_map/frontend/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: test/compose/uptwice/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: test/e2e/build/cache/Dockerfilecacheread:1: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: test/e2e/build/cache/Dockerfilecachewrite:1: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: test/e2e/build/containerignore-symlink/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: test/e2e/build/envwithtab/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: test/e2e/build/squash/Dockerfile.squash-a:1: pin your Docker image by updating quay.io/libpod/busybox:latest to quay.io/libpod/busybox:latest@sha256:a9286defaba7b3a519d585ba0e37d0b2cbee74ebfe590960b0b1d6a5e97d1e1d
Warn: containerImage not pinned by hash: test/e2e/build/squash/Dockerfile.squash-b:1
Warn: containerImage not pinned by hash: test/e2e/build/squash/Dockerfile.squash-c:1: pin your Docker image by updating quay.io/libpod/busybox:latest to quay.io/libpod/busybox:latest@sha256:a9286defaba7b3a519d585ba0e37d0b2cbee74ebfe590960b0b1d6a5e97d1e1d
Warn: containerImage not pinned by hash: test/e2e/build/workdir-symlink/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: test/python/docker/build_labels/Dockerfile:1: pin your Docker image by updating quay.io/libpod/alpine:latest to quay.io/libpod/alpine:latest@sha256:fa93b01658e3a5a1686dc3ae55f170d8de487006fb53a28efcd12ab0710a2e5f
Warn: downloadThenRun not pinned by hash: hack/install_golangci.sh:22
Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10
Warn: pipCommand not pinned by hash: .github/workflows/machine-os-pr.yml:66
Info: 0 out of 32 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 10 third-party GitHubAction dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned
Info: 0 out of 20 containerImage dependencies pinned