Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/goreleaser.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/goreleaser.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/goreleaser.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/goreleaser.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/goreleaser.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/goreleaser.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/goreleaser.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/goreleaser.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven-deploy.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/maven-deploy.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven-deploy.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/maven-deploy.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven-deploy.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/maven-deploy.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven-release.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/maven-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven-release.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/maven-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven-release.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/maven-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven-verify.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/maven-verify.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven-verify.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/maven-verify.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven-verify.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/maven-verify.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-package.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/python-package.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-package.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/python-package.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-package.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/python-package.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-package.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/python-package.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-bump.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/version-bump.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-bump.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protoc-gen-validate/version-bump.yaml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating ubuntu:focal to ubuntu:focal@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b
Warn: pipCommand not pinned by hash: .github/workflows/ci.yaml:52
Warn: npmCommand not pinned by hash: .github/workflows/version-bump.yaml:44
Info: 0 out of 19 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 5 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned