Warn: third-party GitHubAction not pinned by hash: .github/workflows/add-to-docs-project.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/add-to-docs-project.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add-to-project.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/add-to-project.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/benchmarks.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/benchmarks.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/benchmarks.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/benchmarks.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/benchmarks.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/benchmarks.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/benchmarks.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/benchmarks.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/benchmarks.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarks.yml:263: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/benchmarks.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-elastic-stack.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/bump-elastic-stack.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-elastic-stack.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/bump-elastic-stack.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-elastic-stack.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/bump-elastic-stack.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-elastic-stack.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/bump-elastic-stack.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-golang.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/bump-golang.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-golang.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/bump-golang.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-golang.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/bump-golang.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-golang.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/bump-golang.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-golang.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/bump-golang.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-golang.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/bump-golang.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-golang.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/bump-golang.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-golang.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/bump-golang.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-docker-compose.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/check-docker-compose.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-docker-compose.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/check-docker-compose.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-docker-compose.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/check-docker-compose.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-docker-compose.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/check-docker-compose.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-docker-compose.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/check-docker-compose.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/microbenchmark.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/microbenchmark.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-minor-release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/run-minor-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-minor-release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/run-minor-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-minor-release.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/run-minor-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-minor-release.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/run-minor-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-minor-release.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/run-minor-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-minor-release.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/run-minor-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-patch-release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/run-patch-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-patch-release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/run-patch-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-patch-release.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/run-patch-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-patch-release.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/run-patch-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-patch-release.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/run-patch-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke-tests-ess.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/smoke-tests-ess.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke-tests-ess.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/smoke-tests-ess.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/smoke-tests-ess.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/smoke-tests-ess.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/smoke-tests-ess.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/smoke-tests-ess.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke-tests-os.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/smoke-tests-os.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/smoke-tests-os.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/smoke-tests-os.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/smoke-tests-os.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/smoke-tests-os.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke-tests-os.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/smoke-tests-os.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/smoke-tests-schedule.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/smoke-tests-schedule.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/smoke-tests-schedule.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/smoke-tests-schedule.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke-tests-schedule.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/smoke-tests-schedule.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/smoke-tests-schedule.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/smoke-tests-schedule.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/terraform-fmt.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/terraform-fmt.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/terraform-fmt.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/terraform-fmt.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-reporter.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/test-reporter.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-beats.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/update-beats.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-beats.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/update-beats.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-beats.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/update-beats.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-beats.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/update-beats.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-beats.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/update-beats.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-compose.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/update-compose.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-compose.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/update-compose.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-compose.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/update-compose.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-compose.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/update-compose.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependabot-pr.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/update-dependabot-pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependabot-pr.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-server/update-dependabot-pr.yml/main?enable=pin
Warn: containerImage not pinned by hash: packaging/docker/Dockerfile:8
Warn: containerImage not pinned by hash: packaging/docker/Dockerfile.wolfi:8
Warn: containerImage not pinned by hash: packaging/ironbank/Dockerfile:9
Warn: containerImage not pinned by hash: packaging/ironbank/Dockerfile:38
Warn: containerImage not pinned by hash: testing/docker/elastic-agent/Dockerfile:3
Warn: containerImage not pinned by hash: testing/docker/elastic-agent/Dockerfile:8
Warn: containerImage not pinned by hash: testing/docker/elastic-agent/Dockerfile:13
Warn: goCommand not pinned by hash: .ci/scripts/bench.sh:207
Warn: goCommand not pinned by hash: .ci/scripts/bench.sh:214
Info: 0 out of 39 GitHub-owned GitHubAction dependencies pinned
Info: 23 out of 63 third-party GitHubAction dependencies pinned
Info: 0 out of 2 goCommand dependencies pinned
Info: 2 out of 9 containerImage dependencies pinned