Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/jenkins-x-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/plugins-pr.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/plugins-pr.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/plugins-pr.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x/jx/plugins-pr.yaml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating ghcr.io/jenkins-x/jx-cli-base-image:0.1.1 to ghcr.io/jenkins-x/jx-cli-base-image:0.1.1@sha256:89d6970207c066b2757cbed2d26da6f9d51f2b1fd32a20381f3abd6372dcb85e
Warn: containerImage not pinned by hash: Dockerfile-boot:1: pin your Docker image by updating alpine:3.16.2 to alpine:3.16.2@sha256:65a2763f593ae85fab3b5406dc9e80f744ec5b449f269b699b5efd37a07ad32e
Warn: containerImage not pinned by hash: Dockerfile-kubectl:1: pin your Docker image by updating alpine:3.16.2 to alpine:3.16.2@sha256:65a2763f593ae85fab3b5406dc9e80f744ec5b449f269b699b5efd37a07ad32e
Warn: containerImage not pinned by hash: Dockerfile-tfo-aws:1: pin your Docker image by updating amazon/aws-cli to amazon/aws-cli@sha256:79f7d165cbb78b95b8b102942aaaf6e6c4041f32bf3f9c4cec60309a4dcda14b
Warn: containerImage not pinned by hash: Dockerfile-tfo-gcp:1: pin your Docker image by updating google/cloud-sdk:slim to google/cloud-sdk:slim@sha256:bfb527a1f2adc67965e472b9542eafd2a26dc31475b7e9247bb618dc5197d7f4
Warn: goCommand not pinned by hash: hack/generate.sh:11
Warn: pipCommand not pinned by hash: run.sh:99
Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 20 third-party GitHubAction dependencies pinned
Info: 2 out of 7 containerImage dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned