Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/jenkins-x-pr.yaml:6: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-pr.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/jenkins-x-pr.yaml:7: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-pr.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-pr.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-pr.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-pr.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-pr.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-pr.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-pr.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-pr.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-pr.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-pr.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-pr.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-pr.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-pr.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-pr.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-pr.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:6: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-x-release.yaml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkins-x-plugins/jx-preview/jenkins-x-release.yaml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating ghcr.io/jenkins-x/jx-boot:latest to ghcr.io/jenkins-x/jx-boot:latest@sha256:ec7939a08df47f39ee1355313ea8f04111ebc3a0f9b7746a5f3d20659b19f9d4
Warn: containerImage not pinned by hash: Dockerfile-preview:1: pin your Docker image by updating golang:1.23.3 to golang:1.23.3@sha256:e5ca1999e21764b1fd40cf6564ebfb7022e7a55b8c72886a9bcb697a5feac8d6
Warn: downloadThenRun not pinned by hash: .github/workflows/jenkins-x/sbom-container.sh:5
Warn: downloadThenRun not pinned by hash: .github/workflows/jenkins-x/upload-binaries.sh:29
Warn: goCommand not pinned by hash: hack/generate.sh:11
Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 20 third-party GitHubAction dependencies pinned
Info: 0 out of 2 downloadThenRun dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned