Info: Possibly incomplete results: error parsing shell code: parameter expansion requires a literal: src/command/completion/script/zsh.sh:0
Warn: third-party GitHubAction not pinned by hash: .github/workflows/homebrew.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/homebrew.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/homebrew.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/homebrew.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/verify.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/hekmekk/git-team/verify.yaml/main?enable=pin
Warn: containerImage not pinned by hash: acceptance-tests.Dockerfile:1
Warn: containerImage not pinned by hash: acceptance-tests.Dockerfile:19
Warn: containerImage not pinned by hash: acceptance-tests.Dockerfile:36: pin your Docker image by updating golang:1.23-alpine to golang:1.23-alpine@sha256:2c49857f2295e89b23b28386e57e018a86620a8fede5003900f2d138ba9c4037
Warn: containerImage not pinned by hash: hookscript-tests.Dockerfile:1
Warn: containerImage not pinned by hash: hookscript-tests.Dockerfile:19
Warn: containerImage not pinned by hash: hookscript-tests.Dockerfile:36: pin your Docker image by updating golang:1.23-alpine to golang:1.23-alpine@sha256:2c49857f2295e89b23b28386e57e018a86620a8fede5003900f2d138ba9c4037
Warn: containerImage not pinned by hash: zsh-completion.Dockerfile:9: pin your Docker image by updating golang:1.23-alpine to golang:1.23-alpine@sha256:2c49857f2295e89b23b28386e57e018a86620a8fede5003900f2d138ba9c4037
Info: 0 out of 12 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 6 third-party GitHubAction dependencies pinned
Info: 3 out of 3 goCommand dependencies pinned
Info: 0 out of 7 containerImage dependencies pinned