Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/codeql.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/codeql.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dagger-build.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/dagger-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dagger-build.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/dagger-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/depsreview.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/depsreview.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/docs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/generate.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/generate.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/gitleaks.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/gitleaks.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/grype.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/grype.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-oss.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/nightly-oss.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-oss.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/nightly-oss.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-oss.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/nightly-oss.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-oss.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/nightly-oss.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-oss.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/nightly-oss.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-oss.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/nightly-oss.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-oss.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/nightly-oss.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-oss.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/nightly-oss.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/goreleaser/goreleaser/release.yml/main?enable=pin
Warn: containerImage not pinned by hash: www/Dockerfile:1: pin your Docker image by updating squidfunk/mkdocs-material to squidfunk/mkdocs-material@sha256:7e841df1cfb6c8c4ff0968f2cfe55127fb1a2f5614e1c9bc23cbc11fe4c96644
Warn: pipCommand not pinned by hash: www/Dockerfile:2
Warn: pipCommand not pinned by hash: www/Dockerfile:3
Warn: pipCommand not pinned by hash: www/Dockerfile:4
Warn: pipCommand not pinned by hash: www/Dockerfile:5
Warn: pipCommand not pinned by hash: scripts/pages/build.sh:8
Warn: pipCommand not pinned by hash: scripts/pages/build.sh:9
Warn: goCommand not pinned by hash: .github/workflows/generate.yml:27
Warn: goCommand not pinned by hash: .github/workflows/generate.yml:28
Info: 25 out of 29 GitHub-owned GitHubAction dependencies pinned
Info: 20 out of 48 third-party GitHubAction dependencies pinned
Info: 1 out of 2 containerImage dependencies pinned
Info: 0 out of 6 pipCommand dependencies pinned
Info: 0 out of 2 goCommand dependencies pinned