Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/analyze.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/analyze.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/analyze.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/analyze.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/analyze.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/analyze.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/analyze.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/analyze.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/boilerplate.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/boilerplate.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/boilerplate.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/boilerplate.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-deps.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/bump-deps.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-deps.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/bump-deps.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-deps.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/bump-deps.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/donotsubmit.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/donotsubmit.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/donotsubmit.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/donotsubmit.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/e2e.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/e2e.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecr-auth.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/ecr-auth.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecr-auth.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/ecr-auth.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ecr-auth.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/ecr-auth.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecr-auth.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/ecr-auth.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecr-auth.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/ecr-auth.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ecr-auth.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/ecr-auth.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghcr-auth.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/ghcr-auth.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghcr-auth.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/ghcr-auth.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/presubmit.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/presubmit.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/stale.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/style.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/style.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/style.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/style.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/style.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/style.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/style.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/style.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/style.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/style.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/style.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/style.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/style.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/style.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/style.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/style.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/style.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/style.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/style.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/style.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/test.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/google/go-containerregistry/test.yaml/main?enable=pin
Warn: goCommand not pinned by hash: hack/presubmit.sh:29
Warn: goCommand not pinned by hash: hack/update-codegen.sh:37
Info: 0 out of 29 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 14 third-party GitHubAction dependencies pinned
Info: 11 out of 13 goCommand dependencies pinned