Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/benchmark.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/benchmark.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/benchmark.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/benchmark.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conventional-commits.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/conventional-commits.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/conventional-commits.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/conventional-commits.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-main.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/docker-main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-main.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/docker-main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-main.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/docker-main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-main.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/docker-main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-main.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/docker-main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/docker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/docker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/docs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/docs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/docs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image-scan.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/image-scan.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/image-scan.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/image-scan.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image-scan.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/image-scan.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/label.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release-please.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release-please.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release-please.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release-please.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release-please.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release-please.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release-please.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/hairyhenderson/gomplate/stale.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:2
Warn: containerImage not pinned by hash: Dockerfile:41
Warn: containerImage not pinned by hash: Dockerfile:56
Warn: containerImage not pinned by hash: Dockerfile:62
Warn: containerImage not pinned by hash: Dockerfile.integration:1
Warn: containerImage not pinned by hash: Dockerfile.integration:3
Warn: containerImage not pinned by hash: Dockerfile.integration:5: pin your Docker image by updating golang:1.23-alpine to golang:1.23-alpine@sha256:2c49857f2295e89b23b28386e57e018a86620a8fede5003900f2d138ba9c4037
Warn: npmCommand not pinned by hash: .github/workflows/release-please.yml:35
Info: 0 out of 33 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 18 third-party GitHubAction dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned
Info: 0 out of 7 containerImage dependencies pinned