Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cpan.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-cpan.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cpan.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-cpan.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-github.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-github.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-github.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-github.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-hex.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-hex.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-hex.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-hex.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-hex.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-hex.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-hex.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-hex.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-mvn.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-mvn.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-mvn.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-mvn.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-mvn.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-mvn.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-npm.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-npm.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-npm.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-npm.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-nuget.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-nuget.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-nuget.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-nuget.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-nuget.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-nuget.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-php.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-php.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-php.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-php.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pypi.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-pypi.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pypi.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-pypi.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-pypi.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-pypi.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-rubygem.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-rubygem.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-rubygem.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-rubygem.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-rubygem.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/release-rubygem.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-c.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-c.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-codegen.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-codegen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-codegen.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-codegen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-cpp.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-cpp.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cpp.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-cpp.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-dart.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-dart.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-dart.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-dart.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-dotnet.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-dotnet.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-dotnet.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-dotnet.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-elixir.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-elixir.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-elixir.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-elixir.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-go.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-go.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-java.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-java.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-java.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-java.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-javascript.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-javascript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-javascript.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-javascript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-perl.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-perl.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-perl.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-perl.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-php.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-php.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-php.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-php.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-php.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-php.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-python.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-python.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-ruby.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-ruby.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-ruby.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/cucumber/gherkin/test-ruby.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:6: pin your Docker image by updating mcr.microsoft.com/dotnet/sdk:7.0 to mcr.microsoft.com/dotnet/sdk:7.0@sha256:d32bd65cf5843f413e81f5d917057c82da99737cb1637e905a1a4bc2e7ec6c8d
Warn: npmCommand not pinned by hash: .github/workflows/release-npm.yml:20
Warn: pipCommand not pinned by hash: .github/workflows/release-pypi.yaml:31
Warn: pipCommand not pinned by hash: .github/workflows/test-python.yml:53
Warn: pipCommand not pinned by hash: .github/workflows/test-python.yml:54
Warn: pipCommand not pinned by hash: .github/workflows/test-python.yml:61
Info: 0 out of 33 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 18 third-party GitHubAction dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned
Info: 0 out of 4 pipCommand dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned