Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/golangci-lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/golangci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main-build.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/main-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main-build.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/main-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main-build.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/main-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main-build.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/main-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main-build.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/main-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main-build.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/main-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main-build.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/main-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main-build.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/main-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main-build.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/main-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main-build.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/main-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/main-build.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/main-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request-preview-build.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/pull-request-preview-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request-preview-build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/pull-request-preview-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request-preview-build.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/pull-request-preview-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request-preview-build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/pull-request-preview-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request-preview-build.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/joostvdg/cmg/pull-request-preview-build.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:10: pin your Docker image by updating alpine:3 to alpine:3@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: containerImage not pinned by hash: Dockerfile.old:1
Warn: containerImage not pinned by hash: Dockerfile.old:10: pin your Docker image by updating alpine:3 to alpine:3@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Info: 0 out of 12 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 10 third-party GitHubAction dependencies pinned
Info: 0 out of 4 containerImage dependencies pinned
Info: 1 out of 1 goCommand dependencies pinned