Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: scripts/build/ci-wix/Dockerfile:6
Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): scripts/build/ci-wix/Dockerfile:8-10
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backport.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/backport.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-version.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/bump-version.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-version.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/bump-version.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-version.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/bump-version.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-version.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/bump-version.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-version.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/bump-version.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/close-milestone.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/close-milestone.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commands.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/commands.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build-skip.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build-skip.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-report.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-report.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-report.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/detect-breaking-changes-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-validator.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/doc-validator.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/enterprise-pr-check.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/enterprise-pr-check.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/github-release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-labeled.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/issue-labeled.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-labeled.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/issue-labeled.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-labeled.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/issue-labeled.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/metrics-collector.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/metrics-collector.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/pr-checks.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-go.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/pr-codeql-analysis-go.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-go.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/pr-codeql-analysis-go.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-go.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/pr-codeql-analysis-go.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-go.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/pr-codeql-analysis-go.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-javascript.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/pr-codeql-analysis-javascript.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-javascript.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/pr-codeql-analysis-javascript.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-javascript.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/pr-codeql-analysis-javascript.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-python.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/pr-codeql-analysis-python.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-python.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/pr-codeql-analysis-python.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-python.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/pr-codeql-analysis-python.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-commands.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/pr-commands.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/publish.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/publish.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/publish.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/remove-milestone.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/remove-milestone.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sbom-report.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/sbom-report.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sbom-report.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/sbom-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/stale.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-changelog.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/danievanzyl/grafana/update-changelog.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:23
Warn: containerImage not pinned by hash: Dockerfile:42: pin your Docker image by updating alpine:3.15.6 to alpine:3.15.6@sha256:cf34c62ee8eb3fe8aa24c1fab45d7e9d12768d945c3f5a6fd6a63d901e898479
Warn: containerImage not pinned by hash: Dockerfile.ubuntu:1
Warn: containerImage not pinned by hash: Dockerfile.ubuntu:24
Warn: containerImage not pinned by hash: Dockerfile.ubuntu:40: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b
Warn: containerImage not pinned by hash: devenv/docker/blocks/alert_webhook_listener/Dockerfile:2: pin your Docker image by updating golang:latest to golang:latest@sha256:7ea4c9dcb2b97ff8ee80a67db3d44f98c8ffa0d191399197007d8459c1453041
Warn: containerImage not pinned by hash: devenv/docker/blocks/auth/apache_proxy/Dockerfile:1: pin your Docker image by updating jmferrer/apache2-reverse-proxy:latest to jmferrer/apache2-reverse-proxy:latest@sha256:cd958b3505d180aa6f8b8491be8a9abdd1d8b0fdd2c1b382912f5d52a0df9d83
Warn: containerImage not pinned by hash: devenv/docker/blocks/auth/apache_proxy_mac/Dockerfile:1: pin your Docker image by updating jmferrer/apache2-reverse-proxy:latest to jmferrer/apache2-reverse-proxy:latest@sha256:cd958b3505d180aa6f8b8491be8a9abdd1d8b0fdd2c1b382912f5d52a0df9d83
Warn: containerImage not pinned by hash: devenv/docker/blocks/auth/nginx_proxy/Dockerfile:1: pin your Docker image by updating nginx:1.19.3-alpine to nginx:1.19.3-alpine@sha256:5aa44b407756b274a600c7399418bdfb1d02c33317ae27fd5e8a333afb115db1
Warn: containerImage not pinned by hash: devenv/docker/blocks/auth/nginx_proxy_mac/Dockerfile:1: pin your Docker image by updating nginx:1.19.3-alpine to nginx:1.19.3-alpine@sha256:5aa44b407756b274a600c7399418bdfb1d02c33317ae27fd5e8a333afb115db1
Warn: containerImage not pinned by hash: devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server.Dockerfile:3: pin your Docker image by updating debian:jessie to debian:jessie@sha256:32ad5050caffb2c7e969dac873bce2c370015c2256ff984b70c1c08b3a2816a0
Warn: containerImage not pinned by hash: devenv/docker/blocks/auth/openldap-multiple/ldap-server.Dockerfile:3: pin your Docker image by updating debian:jessie to debian:jessie@sha256:32ad5050caffb2c7e969dac873bce2c370015c2256ff984b70c1c08b3a2816a0
Warn: containerImage not pinned by hash: devenv/docker/blocks/auth/openldap/Dockerfile:3: pin your Docker image by updating debian:jessie to debian:jessie@sha256:32ad5050caffb2c7e969dac873bce2c370015c2256ff984b70c1c08b3a2816a0
Warn: containerImage not pinned by hash: devenv/docker/blocks/auth/prometheus_basic_auth_proxy/Dockerfile:1: pin your Docker image by updating nginx:1.19.3-alpine to nginx:1.19.3-alpine@sha256:5aa44b407756b274a600c7399418bdfb1d02c33317ae27fd5e8a333afb115db1
Warn: containerImage not pinned by hash: devenv/docker/blocks/collectd/Dockerfile:1: pin your Docker image by updating ubuntu:xenial to ubuntu:xenial@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6
Warn: containerImage not pinned by hash: devenv/docker/blocks/elastic/data/Dockerfile:1: pin your Docker image by updating node:16-alpine to node:16-alpine@sha256:a1f9d027912b58a7c75be7716c97cfbc6d3099f3a97ed84aa490be9dee20e787
Warn: containerImage not pinned by hash: devenv/docker/blocks/loki/data/Dockerfile:1: pin your Docker image by updating node:16-alpine to node:16-alpine@sha256:a1f9d027912b58a7c75be7716c97cfbc6d3099f3a97ed84aa490be9dee20e787
Warn: containerImage not pinned by hash: devenv/docker/blocks/mssql/build/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-18.04 to mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-18.04@sha256:bf3cc5fb2abfd327c6eeaf2a021869077298511eb6ded5fabd9a1e39ebff7c30
Warn: containerImage not pinned by hash: devenv/docker/blocks/mssql_arm64/build/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/azure-sql-edge:1.0.4 to mcr.microsoft.com/azure-sql-edge:1.0.4@sha256:209a502ac7d35a8e9d5ae777bca874930950a6bf0ec4915acf23390321c576e9
Warn: containerImage not pinned by hash: devenv/docker/blocks/mssql_tls/build/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-18.04 to mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-18.04@sha256:bf3cc5fb2abfd327c6eeaf2a021869077298511eb6ded5fabd9a1e39ebff7c30
Warn: containerImage not pinned by hash: devenv/docker/blocks/mysql_opendata/Dockerfile:3: pin your Docker image by updating mysql:latest to mysql:latest@sha256:0255b469f0135a0236d672d60e3154ae2f4538b146744966d96440318cc822c6
Warn: containerImage not pinned by hash: devenv/docker/blocks/mysql_tests/Dockerfile:2
Warn: containerImage not pinned by hash: devenv/docker/blocks/postgres_tests/Dockerfile:2
Warn: containerImage not pinned by hash: devenv/docker/blocks/prometheus/Dockerfile:1: pin your Docker image by updating prom/prometheus:latest to prom/prometheus:latest@sha256:6559acbd5d770b15bb3c954629ce190ac3cbbdb2b7f1c30f0385c4e05104e218
Warn: containerImage not pinned by hash: devenv/docker/blocks/prometheus_random_data/Dockerfile:4
Warn: containerImage not pinned by hash: devenv/docker/blocks/slow_proxy/Dockerfile:1
Warn: containerImage not pinned by hash: devenv/docker/blocks/smtp/Dockerfile:1: pin your Docker image by updating centos:centos7 to centos:centos7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4
Warn: containerImage not pinned by hash: devenv/docker/buildcontainer/Dockerfile:1: pin your Docker image by updating centos:6.6 to centos:6.6@sha256:32b80b90ba17ed16e9fa3430a49f53ff6de0d4c76ad8631717a1373d5921fa26
Warn: containerImage not pinned by hash: devenv/docker/debtest/Dockerfile:1: pin your Docker image by updating debian:jessie to debian:jessie@sha256:32ad5050caffb2c7e969dac873bce2c370015c2256ff984b70c1c08b3a2816a0
Warn: containerImage not pinned by hash: packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/Dockerfile:1: pin your Docker image by updating alpine:3.15.6 to alpine:3.15.6@sha256:cf34c62ee8eb3fe8aa24c1fab45d7e9d12768d945c3f5a6fd6a63d901e898479
Warn: containerImage not pinned by hash: packages/grafana-toolkit/docker/grafana-plugin-ci-e2e/Dockerfile:1: pin your Docker image by updating debian:buster-slim to debian:buster-slim@sha256:bb3dc79fddbca7e8903248ab916bb775c96ec61014b3d02b4f06043b604726dc
Warn: containerImage not pinned by hash: packages/grafana-toolkit/docker/grafana-plugin-ci/Dockerfile:1: pin your Docker image by updating debian:testing-20210111-slim to debian:testing-20210111-slim@sha256:44be123bee11a02b547e243f7610a40f1c2e240ccdc451bbe40084609e645155
Warn: containerImage not pinned by hash: packaging/docker/Dockerfile:2
Warn: containerImage not pinned by hash: packaging/docker/Dockerfile:14
Warn: containerImage not pinned by hash: packaging/docker/custom/Dockerfile:3
Warn: containerImage not pinned by hash: packaging/docker/custom/ubuntu.Dockerfile:3
Warn: containerImage not pinned by hash: packaging/docker/ubuntu.Dockerfile:2
Warn: containerImage not pinned by hash: packaging/docker/ubuntu.Dockerfile:10
Warn: containerImage not pinned by hash: scripts/build/ci-build/Dockerfile:2
Warn: containerImage not pinned by hash: scripts/build/ci-build/Dockerfile:103: pin your Docker image by updating debian:buster-20220822 to debian:buster-20220822@sha256:fa8155031d12cd165c237e0b38688cade32912e990ffe21f9e31968d9a04da38
Warn: containerImage not pinned by hash: scripts/build/ci-deploy/Dockerfile:1: pin your Docker image by updating debian:testing-20210111-slim to debian:testing-20210111-slim@sha256:44be123bee11a02b547e243f7610a40f1c2e240ccdc451bbe40084609e645155
Warn: containerImage not pinned by hash: scripts/build/ci-deploy/Dockerfile:22: pin your Docker image by updating debian:testing-20210111-slim to debian:testing-20210111-slim@sha256:44be123bee11a02b547e243f7610a40f1c2e240ccdc451bbe40084609e645155
Warn: containerImage not pinned by hash: scripts/build/ci-e2e/Dockerfile:1: pin your Docker image by updating node:12.19.0-buster-slim to node:12.19.0-buster-slim@sha256:abbfaad7758de248460d764e3b7177b2d0abc8c1b26c2895dec8afad999c01c8
Warn: containerImage not pinned by hash: scripts/build/ci-msi-build/Dockerfile:1: pin your Docker image by updating grafana/wix-toolset-ci:v3 to grafana/wix-toolset-ci:v3@sha256:7535b5c91d7c50adcae1ad49d95c629e8e3b9fe78e0d0c6f39195d0df44d274b
Warn: containerImage not pinned by hash: scripts/build/ci-wix/Dockerfile:2: pin your Docker image by updating mcr.microsoft.com/windows:1809 to mcr.microsoft.com/windows:1809@sha256:f8e1a37e5c35c3bfd54cae3cfac3195c80789aecdc32d88d72e3e9163daa9f9a
Warn: containerImage not pinned by hash: scripts/verify-repo-update/Dockerfile.deb:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b
Warn: containerImage not pinned by hash: scripts/verify-repo-update/Dockerfile.rpm:1: pin your Docker image by updating centos:7 to centos:7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4
Warn: pipCommand not pinned by hash: devenv/docker/blocks/collectd/Dockerfile:13
Warn: pipCommand not pinned by hash: scripts/build/ci-build/Dockerfile:119-153
Warn: goCommand not pinned by hash: scripts/build/ci-build/Dockerfile:179-184
Warn: goCommand not pinned by hash: scripts/build/ci-build/Dockerfile:179-184
Warn: pipCommand not pinned by hash: scripts/build/ci-deploy/Dockerfile:43-56
Warn: downloadThenRun not pinned by hash: packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/scripts/deploy.sh:55
Warn: goCommand not pinned by hash: packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/scripts/deploy.sh:59
Warn: npmCommand not pinned by hash: packages/grafana-toolkit/docker/grafana-plugin-ci-e2e/scripts/deploy.sh:22
Warn: goCommand not pinned by hash: scripts/mixin-check.sh:5
Warn: goCommand not pinned by hash: scripts/mixin-check.sh:6
Warn: npmCommand not pinned by hash: .github/workflows/backport.yml:20
Warn: npmCommand not pinned by hash: .github/workflows/bump-version.yml:71
Warn: npmCommand not pinned by hash: .github/workflows/close-milestone.yml:29
Warn: npmCommand not pinned by hash: .github/workflows/commands.yml:21
Warn: npmCommand not pinned by hash: .github/workflows/enterprise-pr-check.yml:19
Warn: npmCommand not pinned by hash: .github/workflows/github-release.yml:20
Warn: npmCommand not pinned by hash: .github/workflows/metrics-collector.yml:30
Warn: npmCommand not pinned by hash: .github/workflows/pr-checks.yml:31
Warn: npmCommand not pinned by hash: .github/workflows/pr-commands.yml:21
Warn: npmCommand not pinned by hash: .github/workflows/remove-milestone.yml:29
Warn: npmCommand not pinned by hash: .github/workflows/update-changelog.yml:20
Info: 0 out of 55 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 9 third-party GitHubAction dependencies pinned
Info: 0 out of 48 containerImage dependencies pinned
Info: 0 out of 3 pipCommand dependencies pinned
Info: 2 out of 7 goCommand dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned
Info: 0 out of 12 npmCommand dependencies pinned