Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:197: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-ghcrio.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/docker-ghcrio.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-centos-7.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-centos-7.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-centos-7.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-centos-7.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-centos-7.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-centos-7.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-centos-7.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-centos-7.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-centos-7.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-centos-7.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-debian-bookworm.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-bookworm.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-debian-bookworm.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-bookworm.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-debian-bookworm.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-bookworm.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-debian-bookworm.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-bookworm.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-debian-bookworm.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-bookworm.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-debian-bullseye.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-bullseye.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-debian-bullseye.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-bullseye.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-debian-bullseye.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-bullseye.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-debian-bullseye.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-bullseye.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-debian-bullseye.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-bullseye.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-debian-buster.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-buster.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-debian-buster.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-buster.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-debian-buster.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-buster.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-debian-buster.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-buster.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-debian-buster.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-debian-buster.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-rockylinux-8.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-rockylinux-8.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-rockylinux-8.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-rockylinux-8.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-rockylinux-8.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-rockylinux-8.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-rockylinux-8.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-rockylinux-8.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-rockylinux-8.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-rockylinux-8.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-rockylinux-9.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-rockylinux-9.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-rockylinux-9.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-rockylinux-9.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-rockylinux-9.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-rockylinux-9.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-rockylinux-9.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-rockylinux-9.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-rockylinux-9.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-rockylinux-9.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-18.04.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-18.04.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-18.04.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-18.04.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-18.04.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-18.04.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-18.04.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-18.04.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-18.04.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-18.04.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-20.04.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-20.04.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-20.04.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-20.04.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-20.04.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-20.04.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-20.04.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-20.04.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-20.04.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-20.04.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-22.04.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-22.04.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-22.04.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-22.04.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-22.04.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-22.04.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-22.04.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-22.04.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/packages-ubuntu-22.04.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/packages-ubuntu-22.04.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/go-graphite/carbonapi/tests.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:23: pin your Docker image by updating alpine:latest to alpine:latest@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Info: 0 out of 29 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 39 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned