Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/fuzz.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/fuzz.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license-lint.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/license-lint.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license-lint.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/license-lint.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/lint.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/lint.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/lint.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit-compositions.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit-compositions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit-compositions.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit-compositions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit-compositions.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit-compositions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit-compositions.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit-compositions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit-compositions.yaml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit-compositions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit-compositions.yaml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit-compositions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit-compositions.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit-compositions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit-compositions.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit-compositions.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/presubmit-compositions.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit-compositions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit-compositions.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit-compositions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit-compositions.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit-compositions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:223: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/presubmit.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-operator.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/upgrade-operator.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-operator.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/GoogleCloudPlatform/k8s-config-connector/upgrade-operator.yaml/master?enable=pin
Warn: containerImage not pinned by hash: build/builder/Dockerfile:17
Warn: containerImage not pinned by hash: build/deletiondefender/Dockerfile:19
Warn: containerImage not pinned by hash: build/deletiondefender/Dockerfile:23
Warn: containerImage not pinned by hash: build/deletiondefender/Dockerfile:37
Warn: containerImage not pinned by hash: build/manager/Dockerfile:19
Warn: containerImage not pinned by hash: build/manager/Dockerfile:23
Warn: containerImage not pinned by hash: build/manager/Dockerfile:37
Warn: containerImage not pinned by hash: build/recorder/Dockerfile:19
Warn: containerImage not pinned by hash: build/recorder/Dockerfile:23
Warn: containerImage not pinned by hash: build/recorder/Dockerfile:33
Warn: containerImage not pinned by hash: build/tooling/Dockerfile:15
Warn: containerImage not pinned by hash: build/unmanageddetector/Dockerfile:19
Warn: containerImage not pinned by hash: build/unmanageddetector/Dockerfile:23
Warn: containerImage not pinned by hash: build/unmanageddetector/Dockerfile:33
Warn: containerImage not pinned by hash: build/webhook/Dockerfile:19
Warn: containerImage not pinned by hash: build/webhook/Dockerfile:23
Warn: containerImage not pinned by hash: build/webhook/Dockerfile:37
Warn: containerImage not pinned by hash: experiments/compositions/composition/Dockerfile:16
Warn: containerImage not pinned by hash: experiments/compositions/composition/Dockerfile:44: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6cd937e9155bdfd805d1b94e037f9d6a899603306030936a3b11680af0c2ed58
Warn: containerImage not pinned by hash: experiments/compositions/composition/Dockerfile.getter.expander:20
Warn: containerImage not pinned by hash: experiments/compositions/composition/Dockerfile.inline:5
Warn: containerImage not pinned by hash: experiments/compositions/composition/Dockerfile.jinja2.expander:20
Warn: containerImage not pinned by hash: experiments/compositions/composition/Dockerfile.jinja2.expander:36
Warn: containerImage not pinned by hash: experiments/compositions/expanders/cel-expander/Dockerfile:21
Warn: containerImage not pinned by hash: experiments/compositions/expanders/cel-expander/Dockerfile:35
Warn: containerImage not pinned by hash: experiments/compositions/expanders/cel-expander/Dockerfile:43
Warn: containerImage not pinned by hash: experiments/compositions/expanders/helm-expander/Dockerfile:21
Warn: containerImage not pinned by hash: experiments/compositions/expanders/helm-expander/Dockerfile:35
Warn: containerImage not pinned by hash: experiments/compositions/expanders/helm-expander/Dockerfile:51
Warn: containerImage not pinned by hash: experiments/compositions/facade/Dockerfile:16
Warn: containerImage not pinned by hash: experiments/compositions/facade/Dockerfile:42: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6cd937e9155bdfd805d1b94e037f9d6a899603306030936a3b11680af0c2ed58
Warn: containerImage not pinned by hash: operator/Dockerfile:18
Warn: containerImage not pinned by hash: operator/Dockerfile:49
Warn: containerImage not pinned by hash: operator/Dockerfile:62
Warn: goCommand not pinned by hash: .github/workflows/license-lint.yaml:48
Info: 0 out of 50 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 3 third-party GitHubAction dependencies pinned
Info: 0 out of 34 containerImage dependencies pinned
Info: 6 out of 7 goCommand dependencies pinned
Info: 1 out of 1 pipCommand dependencies pinned