Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/ci-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/ci-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/golangci-lint.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/golangci-lint.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:191: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:247: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:256: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:272: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:276: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:285: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:300: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:305: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:312: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:362: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:366: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-tyk-analytics.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/craicoverflow/tyk/update-tyk-analytics.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile.slim:8: pin your Docker image by updating gcr.io/distroless/static-debian10 to gcr.io/distroless/static-debian10@sha256:73c9f3f9ee72a6070499e46826dacfda8cb428cb97bef9a70ee6f67957ec99c6
Warn: containerImage not pinned by hash: Dockerfile.std:8: pin your Docker image by updating debian:buster-slim to debian:buster-slim@sha256:bb3dc79fddbca7e8903248ab916bb775c96ec61014b3d02b4f06043b604726dc
Warn: containerImage not pinned by hash: images/hybrid/Dockerfile:1: pin your Docker image by updating debian:buster-slim to debian:buster-slim@sha256:bb3dc79fddbca7e8903248ab916bb775c96ec61014b3d02b4f06043b604726dc
Warn: containerImage not pinned by hash: images/plugin-compiler/Dockerfile:3: pin your Docker image by updating golang:1.15.8-stretch to golang:1.15.8-stretch@sha256:12387cadfc4e0d0e167b14a81b986d1e0e34e4e490242f3b82ca4a7872fecd7d
Warn: containerImage not pinned by hash: integration/image/Dockerfile:5: pin your Docker image by updating debian:buster-slim to debian:buster-slim@sha256:bb3dc79fddbca7e8903248ab916bb775c96ec61014b3d02b4f06043b604726dc
Warn: downloadThenRun not pinned by hash: Dockerfile.std:14-21
Warn: pipCommand not pinned by hash: Dockerfile.std:14-21
Warn: downloadThenRun not pinned by hash: images/hybrid/Dockerfile:6-15
Warn: pipCommand not pinned by hash: images/hybrid/Dockerfile:6-15
Warn: pipCommand not pinned by hash: integration/image/Dockerfile:11-19
Warn: downloadThenRun not pinned by hash: aws/byol/install-gateway.sh:35
Warn: downloadThenRun not pinned by hash: aws/hybrid/install-gateway.sh:24
Warn: goCommand not pinned by hash: .github/workflows/ci-tests.yml:37
Warn: pipCommand not pinned by hash: .github/workflows/ci-tests.yml:46
Warn: pipCommand not pinned by hash: .github/workflows/ci-tests.yml:47
Warn: pipCommand not pinned by hash: .github/workflows/ci-tests.yml:48
Warn: pipCommand not pinned by hash: .github/workflows/ci-tests.yml:49
Info: 0 out of 20 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 20 third-party GitHubAction dependencies pinned
Info: 0 out of 7 pipCommand dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned
Info: 0 out of 4 downloadThenRun dependencies pinned