Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-tests.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/check-tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-tests.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/check-tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-tests.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/check-tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-tests.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/check-tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/docs-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/docs-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-deploy.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/docs-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/docs-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/docs-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/docs-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh-actions-updater.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/gh-actions-updater.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh-actions-updater.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/gh-actions-updater.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/stale.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-integration.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test-integration.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-integration.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test-integration.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-integration.yaml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test-integration.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-integration.yaml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test-integration.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-integration.yaml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test-integration.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-integration.yaml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test-integration.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-integration.yaml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test-integration.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-integration.yaml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test-integration.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-integration.yaml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test-integration.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-integration.yaml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test-integration.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-integration.yaml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test-integration.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-flake.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/update-flake.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-flake.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/update-flake.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-flake.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/juanfont/headscale/update-flake.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile.derper:3
Warn: containerImage not pinned by hash: Dockerfile.derper:15: pin your Docker image by updating alpine:3.18 to alpine:3.18@sha256:dd60c75fba961ecc5e918961c713f3c42dd5665171c58f9b2ef5aafe081ad5a0
Warn: containerImage not pinned by hash: Dockerfile.integration:5: pin your Docker image by updating docker.io/golang:1.23-bookworm to docker.io/golang:1.23-bookworm@sha256:441f59f8a2104b99320e1f5aaf59a81baabbc36c81f4e792d5715ef09dd29355
Warn: containerImage not pinned by hash: Dockerfile.tailscale-HEAD:7
Warn: containerImage not pinned by hash: Dockerfile.tailscale-HEAD:39: pin your Docker image by updating alpine:3.18 to alpine:3.18@sha256:dd60c75fba961ecc5e918961c713f3c42dd5665171c58f9b2ef5aafe081ad5a0
Warn: pipCommand not pinned by hash: .github/workflows/docs-deploy.yml:38
Warn: pipCommand not pinned by hash: .github/workflows/docs-test.yml:26
Info: 0 out of 23 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 34 third-party GitHubAction dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned
Info: 3 out of 3 goCommand dependencies pinned
Info: 0 out of 2 pipCommand dependencies pinned