Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): vendor/sigs.k8s.io/controller-runtime/Makefile:0
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-push.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-push.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-push.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-push.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-push.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-push.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-push.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-push.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-push.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-push.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-push.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-push.yaml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-push.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-push.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/build-push.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codespell.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/codespell.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/codespell.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/codespell.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/golangci-lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/golangci-lint.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/golangci-lint.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind-deploy.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/kind-deploy.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind-deploy.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/kind-deploy.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind-deploy.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/kind-deploy.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind-deploy.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/kind-deploy.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-extras.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/lint-extras.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-extras.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/lint-extras.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag-release.yaml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/tag-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-build.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-build.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-build.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-build.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-build.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-build.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-build.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-build.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-build.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-build.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-build.yaml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-golang.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-golang.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-golang.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-golang.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-golang.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-golang.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-golang.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-golang.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-golang.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-golang.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-golang.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/test-golang.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/yamllint.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/yamllint.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/yamllint.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/csi-addons/kubernetes-csi-addons/yamllint.yaml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:2
Warn: containerImage not pinned by hash: Dockerfile:15: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: goCommand not pinned by hash: tools/vendor/github.com/json-iterator/go/build.sh:10
Warn: goCommand not pinned by hash: tools/vendor/google.golang.org/grpc/regenerate.sh:35
Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10
Info: 0 out of 27 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 34 third-party GitHubAction dependencies pinned
Info: 1 out of 4 goCommand dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned