Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:297: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:300: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:229: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:257: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:262: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:277: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-upstream.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/docs-upstream.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-upstream.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/docs-upstream.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/merge.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/merge.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/merge.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/merge.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/merge.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/merge.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/merge.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/merge.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/merge.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/merge.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/merge.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/merge.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/merge.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/merge.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/merge.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/docker/compose/stale.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:28
Warn: containerImage not pinned by hash: Dockerfile:31
Warn: containerImage not pinned by hash: Dockerfile:33
Warn: containerImage not pinned by hash: Dockerfile:34
Warn: containerImage not pinned by hash: Dockerfile:36
Warn: containerImage not pinned by hash: Dockerfile:50
Warn: containerImage not pinned by hash: Dockerfile:56
Warn: containerImage not pinned by hash: Dockerfile:64
Warn: containerImage not pinned by hash: Dockerfile:77
Warn: containerImage not pinned by hash: Dockerfile:90
Warn: containerImage not pinned by hash: Dockerfile:101
Warn: containerImage not pinned by hash: Dockerfile:118
Warn: containerImage not pinned by hash: Dockerfile:129
Warn: containerImage not pinned by hash: Dockerfile:135
Warn: containerImage not pinned by hash: Dockerfile:142
Warn: containerImage not pinned by hash: Dockerfile:159
Warn: containerImage not pinned by hash: Dockerfile:180
Warn: containerImage not pinned by hash: Dockerfile:184
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/bridge/Dockerfile:15: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-dependencies/base.dockerfile:15: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-dependencies/service.dockerfile:15
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-infinite/service1/Dockerfile:15: pin your Docker image by updating busybox to busybox@sha256:f85340bf132ae937d2c2a763b8335c9bab35d6e8293f70f606b9c6178d84f42b
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/entitlements/Dockerfile:18: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/long-output-line/Dockerfile:14: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/multi-args/Dockerfile:18
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/nginx-build/Dockerfile:15: pin your Docker image by updating nginx:alpine to nginx:alpine@sha256:b2e814d28359e77bd0aa5fed1939620075e4ffa0eb20423cc557b375bd5c14ad
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/nginx-build2/Dockerfile:15: pin your Docker image by updating nginx:alpine to nginx:alpine@sha256:b2e814d28359e77bd0aa5fed1939620075e4ffa0eb20423cc557b375bd5c14ad
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/platforms/Dockerfile:15
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/platforms/Dockerfile:21: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/platforms/contextServiceA/Dockerfile:15
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/platforms/contextServiceA/Dockerfile:21: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/platforms/contextServiceB/Dockerfile:15
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/platforms/contextServiceB/Dockerfile:21: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/platforms/contextServiceC/Dockerfile:15
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/platforms/contextServiceC/Dockerfile:21: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/privileged/Dockerfile:18: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/secrets/Dockerfile:18: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/ssh/Dockerfile:18: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/build-test/tags/Dockerfile:15: pin your Docker image by updating nginx:alpine to nginx:alpine@sha256:b2e814d28359e77bd0aa5fed1939620075e4ffa0eb20423cc557b375bd5c14ad
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/compose-pull/unknown-image/Dockerfile:15: pin your Docker image by updating alpine:3.15 to alpine:3.15@sha256:19b4bcc4f60e99dd5ebdca0cbce22c503bbcff197549d7e19dab4f22254dc864
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/dependencies/Dockerfile:15: pin your Docker image by updating busybox:1.35.0 to busybox:1.35.0@sha256:98ad9d1a2be345201bb0709b0d38655eb1b370145c7d94ca1fe9c421f76e245a
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/environment/empty-variable/Dockerfile:15: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/environment/env-file-comments/Dockerfile:15: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/environment/env-priority/Dockerfile:15: pin your Docker image by updating alpine to alpine@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/publish/Dockerfile:15: pin your Docker image by updating alpine:latest to alpine:latest@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/scale/Dockerfile:15: pin your Docker image by updating nginx:alpine to nginx:alpine@sha256:b2e814d28359e77bd0aa5fed1939620075e4ffa0eb20423cc557b375bd5c14ad
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/simple-build-test/nginx-build/Dockerfile:15: pin your Docker image by updating nginx:alpine to nginx:alpine@sha256:b2e814d28359e77bd0aa5fed1939620075e4ffa0eb20423cc557b375bd5c14ad
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/volume-test/nginx-build/Dockerfile:15: pin your Docker image by updating nginx:alpine to nginx:alpine@sha256:b2e814d28359e77bd0aa5fed1939620075e4ffa0eb20423cc557b375bd5c14ad
Warn: containerImage not pinned by hash: pkg/e2e/fixtures/wrong-composefile/service1/Dockerfile:15: pin your Docker image by updating nginx to nginx@sha256:93230cd54060f497430c7a120e2347894846a81b6a5dd2110f7362c5423b4abc
Info: 3 out of 26 GitHub-owned GitHubAction dependencies pinned
Info: 4 out of 20 third-party GitHubAction dependencies pinned
Info: 2 out of 51 containerImage dependencies pinned