Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/create-release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-3rdparty-images.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-3rdparty-images.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-base-containers.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-base-containers.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-base-containers.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-base-containers.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-base-containers.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-base-containers.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-bot-schedule.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-bot-schedule.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-bot-schedule.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-bot-schedule.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-bot.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-bot.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-bot.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-bot.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-dev-container.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-dev-container.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-dev-container.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-dev-container.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-dev-container.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-dev-container.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-dev-container.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-dev-container.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:232: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:237: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:294: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:307: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:352: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:373: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:379: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:382: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:387: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:392: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:443: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:449: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:455: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:462: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:467: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:474: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:487: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:499: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf-components.yml:518: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf-components.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:229: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:251: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:256: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:313: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:326: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:384: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:405: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:411: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:414: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:419: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:424: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:472: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:478: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:484: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:491: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:496: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:503: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:516: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:528: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-perf.yml:547: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-perf.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-release-notes.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-release-notes.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-standalone-validation.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-standalone-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-standalone-validation.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-standalone-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-standalone-validation.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-standalone-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-standalone-validation.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-standalone-validation.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-azure-cleanup.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-azure-cleanup.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-cache-clean.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-cache-clean.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:284: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:289: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:301: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:307: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:317: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:329: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:378: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:394: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:406: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:411: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:416: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:420: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:451: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:461: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:473: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:507: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:523: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:535: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:541: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:545: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:549: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:588: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:598: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test-sdk.yml:610: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test-sdk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:260: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:282: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:294: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:372: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:385: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:440: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:456: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:466: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:471: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:476: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:549: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:554: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:589: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:596: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:603: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:610: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:617: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:630: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:643: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:655: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:674: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr-test.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:731: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:736: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:778: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:326: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:332: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:337: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:382: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:391: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:397: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:405: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:455: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:466: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:471: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:476: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:481: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:486: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:491: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:496: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:501: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:506: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:511: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:668: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:672: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:709: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:244: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dapr.yml:562: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:582: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dapr.yml:588: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/dapr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fossa.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/fossa.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/fossa.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/fossa.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:291: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:299: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind-e2e.yaml:307: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/kind-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-tooling.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/test-tooling.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:250: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:282: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:287: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:305: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:336: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:365: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:434: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:442: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:450: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:456: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:466: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-skew.yaml:478: update your workflow using https://app.stepsecurity.io/secureworkflow/dapr/dapr/version-skew.yaml/master?enable=pin
Warn: containerImage not pinned by hash: docker/Dockerfile:3: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: docker/Dockerfile-debug:3: pin your Docker image by updating golang:1.23.1 to golang:1.23.1@sha256:4f063a24d429510e512cc730c3330292ff49f3ade3ae79bda8f84a24fa25ecb0
Warn: containerImage not pinned by hash: docker/Dockerfile-dev:5
Warn: containerImage not pinned by hash: docker/Dockerfile-mariner:4
Warn: containerImage not pinned by hash: docker/Dockerfile-windows:3
Warn: containerImage not pinned by hash: docker/Dockerfile-windows-base:3
Warn: containerImage not pinned by hash: docker/Dockerfile-windows-base:9
Warn: containerImage not pinned by hash: docker/Dockerfile-windows-php-base:3
Warn: containerImage not pinned by hash: docker/Dockerfile-windows-python-base:2
Warn: containerImage not pinned by hash: docker/Dockerfile-windows-python-base:4
Warn: containerImage not pinned by hash: tests/apps/Dockerfile:14: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: tests/apps/Dockerfile-windows:14: pin your Docker image by updating mcr.microsoft.com/windows/nanoserver:ltsc2022 to mcr.microsoft.com/windows/nanoserver:ltsc2022@sha256:f82cb05e20c4bfa93a007c9f073f83febd8bc6d16f98a3208f3baa486aafcdf4
Warn: containerImage not pinned by hash: tests/apps/actordotnet/Dockerfile:1
Warn: containerImage not pinned by hash: tests/apps/actordotnet/Dockerfile:5
Warn: containerImage not pinned by hash: tests/apps/actordotnet/Dockerfile:13
Warn: containerImage not pinned by hash: tests/apps/actordotnet/Dockerfile:16
Warn: containerImage not pinned by hash: tests/apps/actordotnet/Dockerfile-windows:1
Warn: containerImage not pinned by hash: tests/apps/actordotnet/Dockerfile-windows:13: pin your Docker image by updating mcr.microsoft.com/dotnet/aspnet:6.0 to mcr.microsoft.com/dotnet/aspnet:6.0@sha256:e70c493f8af7f95bf459cb2b15c7e7a6173228929c2b7a9a6836b19377890e78
Warn: containerImage not pinned by hash: tests/apps/actorjava/Dockerfile:2
Warn: containerImage not pinned by hash: tests/apps/actorjava/Dockerfile:14: pin your Docker image by updating eclipse-temurin:11-jre to eclipse-temurin:11-jre@sha256:77839a4f0891473c372ddeaa51ae19e2b2478fb4eeaab667918aadd1b636233f
Warn: containerImage not pinned by hash: tests/apps/actorjava/Dockerfile-windows:3
Warn: containerImage not pinned by hash: tests/apps/actorload/Dockerfile:1: pin your Docker image by updating golang:1.23.1 to golang:1.23.1@sha256:4f063a24d429510e512cc730c3330292ff49f3ade3ae79bda8f84a24fa25ecb0
Warn: containerImage not pinned by hash: tests/apps/actorload/Dockerfile:6: pin your Docker image by updating alpine:latest to alpine:latest@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: tests/apps/actorphp/Dockerfile:1: pin your Docker image by updating php:8.0-cli to php:8.0-cli@sha256:0569e384b9064c04dec55dc6e41be41b494a878dfbb6577a7d76bd50cfd5bc00
Warn: containerImage not pinned by hash: tests/apps/actorphp/Dockerfile-windows:2
Warn: containerImage not pinned by hash: tests/apps/actorpython/Dockerfile:14: pin your Docker image by updating python:3.9-slim-buster to python:3.9-slim-buster@sha256:320a7a4250aba4249f458872adecf92eea88dc6abd2d76dc5c0f01cac9b53990
Warn: containerImage not pinned by hash: tests/apps/actorpython/Dockerfile-windows:2
Warn: containerImage not pinned by hash: tests/apps/crypto/Dockerfile:14
Warn: containerImage not pinned by hash: tests/apps/crypto/Dockerfile:27: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: tests/apps/perf/actor-activation-locker/Dockerfile:14
Warn: containerImage not pinned by hash: tests/apps/perf/actor-activation-locker/Dockerfile:22: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: tests/apps/perf/actorfeatures/Dockerfile:1
Warn: containerImage not pinned by hash: tests/apps/perf/actorfeatures/Dockerfile:8
Warn: containerImage not pinned by hash: tests/apps/perf/actorfeatures/Dockerfile:15: pin your Docker image by updating debian:bullseye-slim to debian:bullseye-slim@sha256:33b7c2e071c29e618182ec872c471f39d2dde3d8904d95f5b7a61acf3a592e7b
Warn: containerImage not pinned by hash: tests/apps/perf/actorjava/Dockerfile:2
Warn: containerImage not pinned by hash: tests/apps/perf/actorjava/Dockerfile:14: pin your Docker image by updating eclipse-temurin:11-jre to eclipse-temurin:11-jre@sha256:77839a4f0891473c372ddeaa51ae19e2b2478fb4eeaab667918aadd1b636233f
Warn: containerImage not pinned by hash: tests/apps/perf/k6-custom/Dockerfile:2
Warn: containerImage not pinned by hash: tests/apps/perf/k6-custom/Dockerfile:8: pin your Docker image by updating loadimpact/k6:latest to loadimpact/k6:latest@sha256:63750a8adbec7cd1fa68a0dcadf8ffd6947ba555c2824b87fdbff09aa4bd290a
Warn: containerImage not pinned by hash: tests/apps/perf/service_invocation_grpc/Dockerfile:14
Warn: containerImage not pinned by hash: tests/apps/perf/service_invocation_grpc/Dockerfile:22: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: tests/apps/perf/service_invocation_http/Dockerfile:14
Warn: containerImage not pinned by hash: tests/apps/perf/service_invocation_http/Dockerfile:22: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: tests/apps/perf/tester/Dockerfile:1
Warn: containerImage not pinned by hash: tests/apps/perf/tester/Dockerfile:8
Warn: containerImage not pinned by hash: tests/apps/perf/tester/Dockerfile:15: pin your Docker image by updating debian:bullseye-slim to debian:bullseye-slim@sha256:33b7c2e071c29e618182ec872c471f39d2dde3d8904d95f5b7a61acf3a592e7b
Warn: containerImage not pinned by hash: tests/apps/perf/workflowsapp/Dockerfile:2: pin your Docker image by updating python:3.8-slim-buster to python:3.8-slim-buster@sha256:8799b0564103a9f36cfb8a8e1c562e11a9a6f2e3bb214e2adc23982b36a04511
Warn: containerImage not pinned by hash: tests/apps/workflowsapp/Dockerfile:1
Warn: containerImage not pinned by hash: tests/apps/workflowsapp/Dockerfile:5
Warn: containerImage not pinned by hash: tests/apps/workflowsapp/Dockerfile:13
Warn: containerImage not pinned by hash: tests/apps/workflowsapp/Dockerfile:16
Warn: containerImage not pinned by hash: tests/apps/workflowsapp/Dockerfile-windows:1
Warn: containerImage not pinned by hash: tests/apps/workflowsapp/Dockerfile-windows:13: pin your Docker image by updating mcr.microsoft.com/dotnet/aspnet:6.0 to mcr.microsoft.com/dotnet/aspnet:6.0@sha256:e70c493f8af7f95bf459cb2b15c7e7a6173228929c2b7a9a6836b19377890e78
Warn: goCommand not pinned by hash: docker/Dockerfile-debug:6
Warn: pipCommand not pinned by hash: docker/Dockerfile-windows-python-base:15
Warn: nugetCommand not pinned by hash: tests/apps/actordotnet/Dockerfile:8: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)
Warn: nugetCommand not pinned by hash: tests/apps/actordotnet/Dockerfile-windows:6: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)
Warn: pipCommand not pinned by hash: tests/apps/actorpython/Dockerfile:19
Warn: pipCommand not pinned by hash: tests/apps/actorpython/Dockerfile-windows:5
Warn: goCommand not pinned by hash: tests/apps/perf/k6-custom/Dockerfile:4
Warn: pipCommand not pinned by hash: tests/apps/perf/workflowsapp/Dockerfile:8
Warn: nugetCommand not pinned by hash: tests/apps/workflowsapp/Dockerfile:8: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)
Warn: nugetCommand not pinned by hash: tests/apps/workflowsapp/Dockerfile-windows:6: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)
Warn: downloadThenRun not pinned by hash: docker/custom-scripts/install-dapr-tools.sh:41
Warn: downloadThenRun not pinned by hash: docker/custom-scripts/install-dapr-tools.sh:71
Warn: pipCommand not pinned by hash: .github/workflows/dapr-bot-schedule.yml:36
Warn: pipCommand not pinned by hash: .github/workflows/dapr-release-notes.yml:32
Warn: pipCommand not pinned by hash: .github/workflows/dapr-standalone-validation.yml:52
Warn: pipCommand not pinned by hash: .github/workflows/dapr-standalone-validation.yml:55
Warn: downloadThenRun not pinned by hash: .github/workflows/dapr-standalone-validation.yml:60
Warn: downloadThenRun not pinned by hash: .github/workflows/dapr-test-sdk.yml:426
Warn: npmCommand not pinned by hash: .github/workflows/dapr-test-sdk.yml:447
Warn: pipCommand not pinned by hash: .github/workflows/dapr-test-sdk.yml:556
Warn: pipCommand not pinned by hash: .github/workflows/dapr-test-sdk.yml:557
Warn: downloadThenRun not pinned by hash: .github/workflows/dapr-test-sdk.yml:560
Warn: downloadThenRun not pinned by hash: .github/workflows/dapr-test-sdk.yml:118
Warn: pipCommand not pinned by hash: .github/workflows/dapr-test-sdk.yml:134
Warn: pipCommand not pinned by hash: .github/workflows/dapr-test-sdk.yml:135
Warn: downloadThenRun not pinned by hash: .github/workflows/dapr-test-sdk.yml:251
Warn: downloadThenRun not pinned by hash: .github/workflows/dapr-test-sdk.yml:273
Warn: npmCommand not pinned by hash: .github/workflows/dapr.yml:523
Warn: goCommand not pinned by hash: .github/workflows/dapr.yml:131
Warn: downloadThenRun not pinned by hash: .github/workflows/test-tooling.yml:51
Warn: downloadThenRun not pinned by hash: .github/workflows/version-skew.yaml:394
Info: 0 out of 123 GitHub-owned GitHubAction dependencies pinned
Info: 7 out of 106 third-party GitHubAction dependencies pinned
Info: 0 out of 52 containerImage dependencies pinned
Info: 6 out of 9 goCommand dependencies pinned
Info: 0 out of 12 pipCommand dependencies pinned
Info: 0 out of 4 nugetCommand dependencies pinned
Info: 0 out of 10 downloadThenRun dependencies pinned
Info: 0 out of 2 npmCommand dependencies pinned