Info: Possibly incomplete results: error parsing shell code: (( can only be used to open an arithmetic cmd: Dockerfile-windows:16
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-artifacts.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/build-artifacts.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:238: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:281: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:318: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integ-peering_commontopo.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integ-peering_commontopo.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations-1.15.x.yml:205: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations-1.15.x.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations-1.15.x.yml:323: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations-1.15.x.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations-1.18.x.yml:341: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations-1.18.x.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations-1.18.x.yml:432: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations-1.18.x.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations-1.18.x.yml:205: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations-1.18.x.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations-1.19.x.yml:424: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations-1.19.x.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations-1.19.x.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations-1.19.x.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations-1.19.x.yml:333: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations-1.19.x.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations-1.20.x.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations-1.20.x.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations-1.20.x.yml:333: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations-1.20.x.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations-1.20.x.yml:424: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations-1.20.x.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations.yml:398: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test-integrations.yml:309: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/nightly-test-integrations.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/reusable-unit-split.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/reusable-unit-split.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/reusable-unit.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/reusable-unit.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-integrations.yml:380: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/test-integrations.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-integrations.yml:580: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/test-integrations.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-integrations.yml:495: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/test-integrations.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-integrations.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/test-integrations.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-integrations.yml:220: update your workflow using https://app.stepsecurity.io/secureworkflow/hashicorp/consul/test-integrations.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:19
Warn: containerImage not pinned by hash: Dockerfile:122
Warn: containerImage not pinned by hash: Dockerfile:220
Warn: containerImage not pinned by hash: Dockerfile-windows:1: pin your Docker image by updating mcr.microsoft.com/windows/servercore:ltsc2019 to mcr.microsoft.com/windows/servercore:ltsc2019@sha256:fb07dd14e84db4b84909be0a989597c31e28e199e7f47964fce763623d68e5d9
Warn: containerImage not pinned by hash: build-support/docker/Build-Go.dockerfile:5
Warn: containerImage not pinned by hash: build-support/docker/Build-UI.dockerfile:4: pin your Docker image by updating docker.mirror.hashicorp.services/node:18-alpine to docker.mirror.hashicorp.services/node:18-alpine@sha256:a24108da7089c2d293ceaa61fb8969ec10821e8efe25572e5abb10b1841eb70b
Warn: containerImage not pinned by hash: build-support/docker/Consul-Dev-Dbg.dockerfile:4
Warn: containerImage not pinned by hash: build-support/docker/Consul-Dev-Multiarch.dockerfile:5
Warn: containerImage not pinned by hash: build-support/docker/Consul-Dev.dockerfile:5
Warn: containerImage not pinned by hash: build-support/windows/Dockerfile-consul-dev-windows:3
Warn: containerImage not pinned by hash: build-support/windows/Dockerfile-consul-local-windows:3
Warn: containerImage not pinned by hash: build-support/windows/Dockerfile-consul-local-windows:4
Warn: containerImage not pinned by hash: build-support/windows/Dockerfile-consul-local-windows:5
Warn: containerImage not pinned by hash: build-support/windows/Dockerfile-openzipkin-windows:1
Warn: containerImage not pinned by hash: test/integration/connect/envoy/Dockerfile-bats:1
Warn: containerImage not pinned by hash: test/integration/connect/envoy/Dockerfile-bats:3: pin your Docker image by updating docker.mirror.hashicorp.services/bats/bats:1.7.0 to docker.mirror.hashicorp.services/bats/bats:1.7.0@sha256:c707c5b7f9afd49da3e8a94248b03832e8b427f1b8f1ae9ec3cfdc5596d9c9f4
Warn: containerImage not pinned by hash: test/integration/connect/envoy/Dockerfile-consul-envoy:4
Warn: containerImage not pinned by hash: test/integration/connect/envoy/Dockerfile-consul-envoy:6
Warn: containerImage not pinned by hash: test/integration/connect/envoy/Dockerfile-consul-envoy-windows:6
Warn: containerImage not pinned by hash: test/integration/connect/envoy/Dockerfile-consul-envoy-windows:7
Warn: containerImage not pinned by hash: test/integration/connect/envoy/Dockerfile-tcpdump:1: pin your Docker image by updating alpine:3.20 to alpine:3.20@sha256:31687a2fdd021f85955bf2d0c2682e9c0949827560e1db546358ea094f740f12
Warn: containerImage not pinned by hash: test/integration/connect/envoy/Dockerfile-tcpdump-windows:1: pin your Docker image by updating mcr.microsoft.com/windows/servercore:ltsc2019 to mcr.microsoft.com/windows/servercore:ltsc2019@sha256:fb07dd14e84db4b84909be0a989597c31e28e199e7f47964fce763623d68e5d9
Warn: containerImage not pinned by hash: test/integration/connect/envoy/Dockerfile-test-sds-server-windows:1
Warn: containerImage not pinned by hash: test/integration/connect/envoy/test-sds-server/Dockerfile:4: pin your Docker image by updating golang:latest to golang:latest@sha256:585103a29aa6d4c98bbb45d2446e1fdf41441698bbdf707d1801f5708e479f04
Warn: containerImage not pinned by hash: test/integration/consul-container/assets/Dockerfile-consul-dataplane:8
Warn: containerImage not pinned by hash: test/integration/consul-container/assets/Dockerfile-consul-dataplane:10
Warn: containerImage not pinned by hash: test/integration/consul-container/assets/Dockerfile-consul-envoy:5
Warn: containerImage not pinned by hash: test/integration/consul-container/assets/Dockerfile-consul-envoy:7
Warn: chocoCommand not pinned by hash: Dockerfile-windows:19
Warn: chocoCommand not pinned by hash: build-support/windows/Dockerfile-consul-local-windows:13
Warn: chocoCommand not pinned by hash: build-support/windows/Dockerfile-consul-local-windows:14
Warn: chocoCommand not pinned by hash: build-support/windows/Dockerfile-consul-local-windows:15
Warn: chocoCommand not pinned by hash: build-support/windows/Dockerfile-consul-local-windows:16
Warn: pipCommand not pinned by hash: build-support/scripts/devtools.sh:225
Warn: goCommand not pinned by hash: .github/workflows/go-tests.yml:128
Info: 247 out of 247 GitHub-owned GitHubAction dependencies pinned
Info: 47 out of 77 third-party GitHubAction dependencies pinned
Info: 1 out of 2 goCommand dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned
Info: 0 out of 28 containerImage dependencies pinned
Info: 0 out of 5 chocoCommand dependencies pinned