Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/docs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/docs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/generate.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/generate.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/generate.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/generate.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/generate.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/generate.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/milestone.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/milestone.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/nfpm/release.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: pipCommand not pinned by hash: scripts/pages/build.sh:3
Warn: pipCommand not pinned by hash: scripts/pages/build.sh:4
Warn: goCommand not pinned by hash: .github/workflows/generate.yml:27
Info: 2 out of 21 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 23 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 0 out of 2 pipCommand dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned