Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-simd-image-from-tag.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/build-simd-image-from-tag.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-simd-image-from-tag.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/build-simd-image-from-tag.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-wasm-simd-image-from-tag.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/build-wasm-simd-image-from-tag.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-wasm-simd-image-from-tag.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/build-wasm-simd-image-from-tag.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-wasm-simd-image-from-tag.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/build-wasm-simd-image-from-tag.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-wasm-simd-image-from-tag.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/build-wasm-simd-image-from-tag.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-wasm-simd-image-from-tag.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/build-wasm-simd-image-from-tag.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-wasm-simd-image-from-tag.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/build-wasm-simd-image-from-tag.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-wasm-simd-image-from-tag.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/build-wasm-simd-image-from-tag.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-wasm-simd-image-from-tag.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/build-wasm-simd-image-from-tag.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/codeql-analysis.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependabot-tidy.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/dependabot-tidy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-tidy.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/dependabot-tidy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/docker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-check.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/docs-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-check.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/docs-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-check.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/docs-check.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs-check.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/docs-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/docs-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/docs-deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/docs-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-compatibility-workflow-call.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e-compatibility-workflow-call.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-compatibility-workflow-call.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e-compatibility-workflow-call.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-compatibility-workflow-call.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e-compatibility-workflow-call.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-compatibility-workflow-call.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e-compatibility-workflow-call.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-compatibility-workflow-call.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e-compatibility-workflow-call.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-compatibility.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e-compatibility.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-compatibility.yaml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e-compatibility.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-upgrade.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e-upgrade.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-upgrade.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e-upgrade.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-upgrade.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e-upgrade.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/e2e.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/golangci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/golangci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/golangci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/proto-breaking-check.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/proto-breaking-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/proto-registry.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/proto-registry.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/proto-registry.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/proto-registry.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/cosmos/ibc-go/test.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:29: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: modules/light-clients/08-wasm/Dockerfile:1
Warn: containerImage not pinned by hash: modules/light-clients/08-wasm/Dockerfile:26
Warn: containerImage not pinned by hash: modules/light-clients/08-wasm/Dockerfile:31
Warn: containerImage not pinned by hash: modules/light-clients/08-wasm/Dockerfile:36
Warn: containerImage not pinned by hash: modules/light-clients/08-wasm/Dockerfile:39
Warn: containerImage not pinned by hash: modules/light-clients/08-wasm/Dockerfile:47: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: pipCommand not pinned by hash: .github/workflows/e2e-compatibility-workflow-call.yaml:29
Info: 0 out of 41 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 19 third-party GitHubAction dependencies pinned
Info: 0 out of 8 containerImage dependencies pinned
Info: 1 out of 1 npmCommand dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned