Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add_to_project.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/add_to_project.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check_pr_linked_issue.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/check_pr_linked_issue.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/helm_release.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/helm_release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/helm_release.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/helm_release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/helm_release.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/helm_release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_e2e_tests.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_e2e_tests.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_e2e_tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind_e2e_tests.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_e2e_tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind_e2e_tests.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_e2e_tests.yaml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_e2e_tests.yaml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_e2e_tests.yaml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_e2e_tests.yaml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_e2e_tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind_e2e_tests.yaml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_e2e_tests.yaml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_e2e_tests.yaml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_e2e_tests.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_e2e_tests.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_e2e_tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind_multicluster_e2e_tests.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_e2e_tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind_multicluster_e2e_tests.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_e2e_tests.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_e2e_tests.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_e2e_tests.yaml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_e2e_tests.yaml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_e2e_tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind_multicluster_e2e_tests.yaml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_e2e_tests.yaml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_e2e_tests.yaml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_isolated_control_plane_e2e_tests.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_isolated_control_plane_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_isolated_control_plane_e2e_tests.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_isolated_control_plane_e2e_tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind_multicluster_isolated_control_plane_e2e_tests.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_isolated_control_plane_e2e_tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind_multicluster_isolated_control_plane_e2e_tests.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_isolated_control_plane_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_isolated_control_plane_e2e_tests.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_isolated_control_plane_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_isolated_control_plane_e2e_tests.yaml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_isolated_control_plane_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_isolated_control_plane_e2e_tests.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_isolated_control_plane_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_isolated_control_plane_e2e_tests.yaml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_isolated_control_plane_e2e_tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kind_multicluster_isolated_control_plane_e2e_tests.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_isolated_control_plane_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_isolated_control_plane_e2e_tests.yaml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_isolated_control_plane_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kind_multicluster_isolated_control_plane_e2e_tests.yaml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kind_multicluster_isolated_control_plane_e2e_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kuttl_tests.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kuttl_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kuttl_tests.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kuttl_tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kuttl_tests.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kuttl_tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/kuttl_tests.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kuttl_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kuttl_tests.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kuttl_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kuttl_tests.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kuttl_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kuttl_tests.yaml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kuttl_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kuttl_tests.yaml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kuttl_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kuttl_tests.yaml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/kuttl_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs-staging.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/publish-docs-staging.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docs-staging.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/publish-docs-staging.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs-staging.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/publish-docs-staging.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/publish-docs.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docs.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/publish-docs.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/publish-docs.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_and_build_image.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/test_and_build_image.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_and_build_image.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/test_and_build_image.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_and_build_image.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/test_and_build_image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_and_build_image.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/test_and_build_image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_and_build_image.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/test_and_build_image.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_and_build_image.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/test_and_build_image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_and_build_image.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/test_and_build_image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_and_build_image.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/test_and_build_image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_and_build_image.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/test_and_build_image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_and_build_image.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/test_and_build_image.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-crd-reference.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/update-crd-reference.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-crd-reference.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/update-crd-reference.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-crd-reference.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/update-crd-reference.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-crd-reference.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/update-crd-reference.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-crd-reference.yaml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/update-crd-reference.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version_tests.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/version_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version_tests.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/version_tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version_tests.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/version_tests.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version_tests.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/version_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version_tests.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/version_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version_tests.yaml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/version_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version_tests.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/version_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version_tests.yaml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/version_tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version_tests.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/k8ssandra/k8ssandra-operator/version_tests.yaml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:2
Warn: containerImage not pinned by hash: Dockerfile:25: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6cd937e9155bdfd805d1b94e037f9d6a899603306030936a3b11680af0c2ed58
Warn: downloadThenRun not pinned by hash: .circleci/install_sys_deps.sh:22
Warn: goCommand not pinned by hash: .github/workflows/kind_e2e_tests.yaml:139
Warn: goCommand not pinned by hash: .github/workflows/kind_multicluster_e2e_tests.yaml:107
Warn: goCommand not pinned by hash: .github/workflows/kind_multicluster_isolated_control_plane_e2e_tests.yaml:85
Warn: npmCommand not pinned by hash: .github/workflows/publish-docs-staging.yaml:31
Warn: npmCommand not pinned by hash: .github/workflows/publish-docs.yaml:33
Warn: goCommand not pinned by hash: .github/workflows/update-crd-reference.yaml:32
Info: 0 out of 53 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 30 third-party GitHubAction dependencies pinned
Info: 0 out of 4 goCommand dependencies pinned
Info: 0 out of 2 npmCommand dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned