Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/codeql-analysis.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/conformance.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/conformance.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/conformance.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/conformance.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conformance.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/conformance.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dockerhub-readme.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/dockerhub-readme.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dockerhub-readme.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/dockerhub-readme.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/docs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/docs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/docs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/docs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/docs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/e2e.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fossa.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/fossa.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/fossa.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/fossa.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/label.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/distribution/distribution/validate.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:7
Warn: containerImage not pinned by hash: Dockerfile:8
Warn: containerImage not pinned by hash: Dockerfile:15
Warn: containerImage not pinned by hash: Dockerfile:22
Warn: containerImage not pinned by hash: Dockerfile:36
Warn: containerImage not pinned by hash: Dockerfile:53
Warn: containerImage not pinned by hash: dockerfiles/authors.Dockerfile:5
Warn: containerImage not pinned by hash: dockerfiles/authors.Dockerfile:24
Warn: containerImage not pinned by hash: dockerfiles/docs.Dockerfile:6
Warn: containerImage not pinned by hash: dockerfiles/docs.Dockerfile:9
Warn: containerImage not pinned by hash: dockerfiles/docs.Dockerfile:14
Warn: containerImage not pinned by hash: dockerfiles/docs.Dockerfile:18
Warn: containerImage not pinned by hash: dockerfiles/docs.Dockerfile:22
Warn: containerImage not pinned by hash: dockerfiles/docs.Dockerfile:30
Warn: containerImage not pinned by hash: dockerfiles/git.Dockerfile:6
Warn: containerImage not pinned by hash: dockerfiles/git.Dockerfile:9
Warn: containerImage not pinned by hash: dockerfiles/git.Dockerfile:15
Warn: containerImage not pinned by hash: dockerfiles/lint.Dockerfile:8
Warn: containerImage not pinned by hash: dockerfiles/lint.Dockerfile:10
Warn: containerImage not pinned by hash: dockerfiles/lint.Dockerfile:14
Warn: containerImage not pinned by hash: dockerfiles/vendor.Dockerfile:7
Warn: containerImage not pinned by hash: dockerfiles/vendor.Dockerfile:11
Warn: containerImage not pinned by hash: dockerfiles/vendor.Dockerfile:26
Warn: containerImage not pinned by hash: dockerfiles/vendor.Dockerfile:41
Warn: containerImage not pinned by hash: dockerfiles/vendor.Dockerfile:42
Warn: containerImage not pinned by hash: project/dev-image/Dockerfile:1: pin your Docker image by updating ubuntu:14.04 to ubuntu:14.04@sha256:64483f3496c1373bfd55348e88694d1c4d0c9b660dee6bfef5e12f43b9933b30
Warn: goCommand not pinned by hash: project/dev-image/Dockerfile:20
Info: 3 out of 21 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 16 third-party GitHubAction dependencies pinned
Info: 0 out of 26 containerImage dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned