Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/create-release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-base-containers.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-base-containers.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-base-containers.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-base-containers.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-base-containers.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-base-containers.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-bot-schedule.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-bot-schedule.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-bot-schedule.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-bot-schedule.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-bot.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-bot.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-bot.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-bot.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-dev-container.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-dev-container.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-dev-container.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-dev-container.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-dev-container.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-dev-container.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-dev-container.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-dev-container.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:232: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:237: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:308: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:353: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:374: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:380: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:383: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:388: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:393: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:444: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:450: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:456: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:463: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:468: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:475: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:488: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:500: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:519: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:385: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:406: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:412: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:415: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:420: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:425: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:473: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:479: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:485: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:492: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:497: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:504: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:517: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:529: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:548: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:229: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:251: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:256: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:314: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:327: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-release-notes.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-release-notes.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-standalone-validation.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-standalone-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-standalone-validation.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-standalone-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-standalone-validation.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-standalone-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-standalone-validation.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-standalone-validation.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-azure-cleanup.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-azure-cleanup.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-cache-clean.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-cache-clean.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:284: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:289: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:301: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:307: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:317: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:329: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:378: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:394: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:406: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:411: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:416: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:420: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:451: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:461: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:473: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:507: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:523: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:535: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:541: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:545: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:549: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:588: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:598: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:610: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:260: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:282: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:288: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:293: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:371: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:384: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:439: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:455: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:461: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:464: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:469: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:474: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:547: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:552: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:587: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:594: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:601: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:608: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:615: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:628: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:641: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:653: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:672: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:300: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:311: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:314: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:355: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:364: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:370: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:378: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:428: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:439: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:444: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:449: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:454: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:459: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:464: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:469: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:474: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:479: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:484: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:535: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:555: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:561: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:641: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:645: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:682: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:221: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:704: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:709: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fossa.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/fossa.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/fossa.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/fossa.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:292: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:300: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:308: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-tooling.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/test-tooling.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-tooling.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/test-tooling.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:250: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:282: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:287: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:305: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:336: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:365: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:434: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:442: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:450: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:456: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:466: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:478: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: containerImage not pinned by hash: docker/Dockerfile:3: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: docker/Dockerfile-debug:3: pin your Docker image by updating golang:1.23.1 to golang:1.23.1@sha256:4f063a24d429510e512cc730c3330292ff49f3ade3ae79bda8f84a24fa25ecb0
Warn: containerImage not pinned by hash: docker/Dockerfile-dev:5
Warn: containerImage not pinned by hash: docker/Dockerfile-mariner:4
Warn: containerImage not pinned by hash: docker/Dockerfile-windows:3
Warn: containerImage not pinned by hash: docker/Dockerfile-windows-base:3
Warn: containerImage not pinned by hash: docker/Dockerfile-windows-base:9
Warn: containerImage not pinned by hash: docker/Dockerfile-windows-php-base:3
Warn: containerImage not pinned by hash: docker/Dockerfile-windows-python-base:2
Warn: containerImage not pinned by hash: docker/Dockerfile-windows-python-base:4
Warn: containerImage not pinned by hash: tests/apps/Dockerfile:14: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: tests/apps/Dockerfile-windows:14: pin your Docker image by updating mcr.microsoft.com/windows/nanoserver:ltsc2022 to mcr.microsoft.com/windows/nanoserver:ltsc2022@sha256:55474b390b2d25e98450356b381d6dc422e15fb79808970f724c0f34df0b217e
Warn: containerImage not pinned by hash: tests/apps/actordotnet/Dockerfile:1
Warn: containerImage not pinned by hash: tests/apps/actordotnet/Dockerfile:5
Warn: containerImage not pinned by hash: tests/apps/actordotnet/Dockerfile:13
Warn: containerImage not pinned by hash: tests/apps/actordotnet/Dockerfile:16
Warn: containerImage not pinned by hash: tests/apps/actordotnet/Dockerfile-windows:1
Warn: containerImage not pinned by hash: tests/apps/actordotnet/Dockerfile-windows:13: pin your Docker image by updating mcr.microsoft.com/dotnet/aspnet:6.0 to mcr.microsoft.com/dotnet/aspnet:6.0@sha256:e70c493f8af7f95bf459cb2b15c7e7a6173228929c2b7a9a6836b19377890e78
Warn: containerImage not pinned by hash: tests/apps/actorjava/Dockerfile:2
Warn: containerImage not pinned by hash: tests/apps/actorjava/Dockerfile:14: pin your Docker image by updating eclipse-temurin:11-jre to eclipse-temurin:11-jre@sha256:2f710248a37f656ccbab4495c2d30c66f46a3ef95c101b0303d404b19ab9c2c0
Warn: containerImage not pinned by hash: tests/apps/actorjava/Dockerfile-windows:3
Warn: containerImage not pinned by hash: tests/apps/actorload/Dockerfile:1: pin your Docker image by updating golang:1.23.1 to golang:1.23.1@sha256:4f063a24d429510e512cc730c3330292ff49f3ade3ae79bda8f84a24fa25ecb0
Warn: containerImage not pinned by hash: tests/apps/actorload/Dockerfile:6: pin your Docker image by updating alpine:latest to alpine:latest@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: containerImage not pinned by hash: tests/apps/actorphp/Dockerfile:1: pin your Docker image by updating php:8.0-cli to php:8.0-cli@sha256:0569e384b9064c04dec55dc6e41be41b494a878dfbb6577a7d76bd50cfd5bc00
Warn: containerImage not pinned by hash: tests/apps/actorphp/Dockerfile-windows:2
Warn: containerImage not pinned by hash: tests/apps/actorpython/Dockerfile:14: pin your Docker image by updating python:3.9-slim-buster to python:3.9-slim-buster@sha256:320a7a4250aba4249f458872adecf92eea88dc6abd2d76dc5c0f01cac9b53990
Warn: containerImage not pinned by hash: tests/apps/actorpython/Dockerfile-windows:2
Warn: containerImage not pinned by hash: tests/apps/crypto/Dockerfile:14
Warn: containerImage not pinned by hash: tests/apps/crypto/Dockerfile:27: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: tests/apps/perf/actor-activation-locker/Dockerfile:14
Warn: containerImage not pinned by hash: tests/apps/perf/actor-activation-locker/Dockerfile:22: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: tests/apps/perf/actorfeatures/Dockerfile:1
Warn: containerImage not pinned by hash: tests/apps/perf/actorfeatures/Dockerfile:8
Warn: containerImage not pinned by hash: tests/apps/perf/actorfeatures/Dockerfile:15: pin your Docker image by updating debian:bullseye-slim to debian:bullseye-slim@sha256:6344a6747740d465bff88e833e43ef881a8c4dd51950dba5b30664c93f74cbef
Warn: containerImage not pinned by hash: tests/apps/perf/actorjava/Dockerfile:2
Warn: containerImage not pinned by hash: tests/apps/perf/actorjava/Dockerfile:14: pin your Docker image by updating eclipse-temurin:11-jre to eclipse-temurin:11-jre@sha256:2f710248a37f656ccbab4495c2d30c66f46a3ef95c101b0303d404b19ab9c2c0
Warn: containerImage not pinned by hash: tests/apps/perf/k6-custom/Dockerfile:2
Warn: containerImage not pinned by hash: tests/apps/perf/k6-custom/Dockerfile:8: pin your Docker image by updating loadimpact/k6:latest to loadimpact/k6:latest@sha256:63750a8adbec7cd1fa68a0dcadf8ffd6947ba555c2824b87fdbff09aa4bd290a
Warn: containerImage not pinned by hash: tests/apps/perf/service_invocation_grpc/Dockerfile:14
Warn: containerImage not pinned by hash: tests/apps/perf/service_invocation_grpc/Dockerfile:22: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: tests/apps/perf/service_invocation_http/Dockerfile:14
Warn: containerImage not pinned by hash: tests/apps/perf/service_invocation_http/Dockerfile:22: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: tests/apps/perf/tester/Dockerfile:1
Warn: containerImage not pinned by hash: tests/apps/perf/tester/Dockerfile:8
Warn: containerImage not pinned by hash: tests/apps/perf/tester/Dockerfile:15: pin your Docker image by updating debian:bullseye-slim to debian:bullseye-slim@sha256:6344a6747740d465bff88e833e43ef881a8c4dd51950dba5b30664c93f74cbef
Warn: containerImage not pinned by hash: tests/apps/perf/workflowsapp/Dockerfile:2: pin your Docker image by updating python:3.8-slim-buster to python:3.8-slim-buster@sha256:8799b0564103a9f36cfb8a8e1c562e11a9a6f2e3bb214e2adc23982b36a04511
Warn: containerImage not pinned by hash: tests/apps/workflowsapp/Dockerfile:1
Warn: containerImage not pinned by hash: tests/apps/workflowsapp/Dockerfile:5
Warn: containerImage not pinned by hash: tests/apps/workflowsapp/Dockerfile:13
Warn: containerImage not pinned by hash: tests/apps/workflowsapp/Dockerfile:16
Warn: containerImage not pinned by hash: tests/apps/workflowsapp/Dockerfile-windows:1
Warn: containerImage not pinned by hash: tests/apps/workflowsapp/Dockerfile-windows:13: pin your Docker image by updating mcr.microsoft.com/dotnet/aspnet:6.0 to mcr.microsoft.com/dotnet/aspnet:6.0@sha256:e70c493f8af7f95bf459cb2b15c7e7a6173228929c2b7a9a6836b19377890e78
Warn: goCommand not pinned by hash: docker/Dockerfile-debug:6
Warn: pipCommand not pinned by hash: docker/Dockerfile-windows-python-base:15
Warn: nugetCommand not pinned by hash: tests/apps/actordotnet/Dockerfile:8: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)
Warn: nugetCommand not pinned by hash: tests/apps/actordotnet/Dockerfile-windows:6: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)
Warn: pipCommand not pinned by hash: tests/apps/actorpython/Dockerfile:19
Warn: pipCommand not pinned by hash: tests/apps/actorpython/Dockerfile-windows:5
Warn: goCommand not pinned by hash: tests/apps/perf/k6-custom/Dockerfile:4
Warn: pipCommand not pinned by hash: tests/apps/perf/workflowsapp/Dockerfile:8
Warn: nugetCommand not pinned by hash: tests/apps/workflowsapp/Dockerfile:8: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)
Warn: nugetCommand not pinned by hash: tests/apps/workflowsapp/Dockerfile-windows:6: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)
Warn: downloadThenRun not pinned by hash: docker/custom-scripts/install-dapr-tools.sh:41
Warn: downloadThenRun not pinned by hash: docker/custom-scripts/install-dapr-tools.sh:71
Warn: pipCommand not pinned by hash: .github/workflows/dapr-bot-schedule.yml:36
Warn: pipCommand not pinned by hash: .github/workflows/dapr-release-notes.yml:32
Warn: pipCommand not pinned by hash: .github/workflows/dapr-standalone-validation.yml:52
Warn: pipCommand not pinned by hash: .github/workflows/dapr-standalone-validation.yml:55
Warn: downloadThenRun not pinned by hash: .github/workflows/dapr-standalone-validation.yml:60
Warn: downloadThenRun not pinned by hash: .github/workflows/dapr-test-sdk.yml:118
Warn: pipCommand not pinned by hash: .github/workflows/dapr-test-sdk.yml:134
Warn: pipCommand not pinned by hash: .github/workflows/dapr-test-sdk.yml:135
Warn: downloadThenRun not pinned by hash: .github/workflows/dapr-test-sdk.yml:251
Warn: downloadThenRun not pinned by hash: .github/workflows/dapr-test-sdk.yml:273
Warn: downloadThenRun not pinned by hash: .github/workflows/dapr-test-sdk.yml:426
Warn: npmCommand not pinned by hash: .github/workflows/dapr-test-sdk.yml:447
Warn: pipCommand not pinned by hash: .github/workflows/dapr-test-sdk.yml:556
Warn: pipCommand not pinned by hash: .github/workflows/dapr-test-sdk.yml:557
Warn: downloadThenRun not pinned by hash: .github/workflows/dapr-test-sdk.yml:560
Warn: goCommand not pinned by hash: .github/workflows/dapr.yml:137
Warn: npmCommand not pinned by hash: .github/workflows/dapr.yml:496
Warn: downloadThenRun not pinned by hash: .github/workflows/test-tooling.yml:50
Warn: downloadThenRun not pinned by hash: .github/workflows/version-skew.yaml:394
Info: 0 out of 127 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 99 third-party GitHubAction dependencies pinned
Info: 0 out of 52 containerImage dependencies pinned
Info: 6 out of 9 goCommand dependencies pinned
Info: 0 out of 12 pipCommand dependencies pinned
Info: 0 out of 4 nugetCommand dependencies pinned
Info: 0 out of 10 downloadThenRun dependencies pinned
Info: 0 out of 2 npmCommand dependencies pinned