Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-fast-forward.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/check-fast-forward.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/config-ci.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/config-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/config-ci.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/config-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/config-ci.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/config-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cut-release.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cut-release.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cut-release.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cut-release.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cut-release.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cut-release.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cut-release.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cut-release.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cut-release.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cut-release.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cut-release.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cut-release.yml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cut-release.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cut-release.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cut-release.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cut-release.yml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cut-release.yml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/cut-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/documentation.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/fast-forward.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/fast-forward.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/nightly-ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/nightly.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/nightly.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/nightly.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/prepare-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/prepare-release.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/prepare-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/tests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/v2-issues.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/quay/clair/v2-issues.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:19
Warn: containerImage not pinned by hash: Dockerfile:67
Warn: containerImage not pinned by hash: contrib/cmd/quaybackstop/Dockerfile:24
Warn: containerImage not pinned by hash: contrib/cmd/quaybackstop/Dockerfile:52
Info: 0 out of 33 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 15 third-party GitHubAction dependencies pinned
Info: 0 out of 4 containerImage dependencies pinned