Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cd-api.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-api.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-api.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-api.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-api.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-api.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-api.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-api.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-api.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-api.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-api.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-api.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-api.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-api.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-api.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-api.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cd-auth.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-auth.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-auth.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-auth.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-auth.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-auth.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-auth.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-auth.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-auth.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-auth.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-auth.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-auth.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-auth.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-auth.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-auth.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-auth.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cd-helm.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-helm.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-helm.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-helm.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-helm.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-helm.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-helm.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-helm.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cd-helm.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-helm.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-helm.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-helm.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-helm.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-helm.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cd-metrics-scraper.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-metrics-scraper.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-metrics-scraper.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-metrics-scraper.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-metrics-scraper.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-metrics-scraper.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-metrics-scraper.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-metrics-scraper.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-metrics-scraper.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-metrics-scraper.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-metrics-scraper.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-metrics-scraper.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-metrics-scraper.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-metrics-scraper.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-metrics-scraper.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-metrics-scraper.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cd-web.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-web.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-web.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-web.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-web.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-web.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-web.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-web.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-web.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-web.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-web.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-web.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-web.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-web.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd-web.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/cd-web.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-helm.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci-helm.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-helm.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci-helm.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-helm.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci-helm.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-helm.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci-helm.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/ci.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/pr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes/dashboard/pr.yml/master?enable=pin
Warn: containerImage not pinned by hash: hack/develop/Dockerfile:21: pin your Docker image by updating golang:1.20-bullseye to golang:1.20-bullseye@sha256:a393b941c42b0fae8beb0e5bc033cd6499563e2f1b8d2ccf00d395e8c2ccc0ce
Warn: containerImage not pinned by hash: modules/api/Dockerfile:15
Warn: containerImage not pinned by hash: modules/api/Dockerfile:30
Warn: containerImage not pinned by hash: modules/api/dev.Dockerfile:17
Warn: containerImage not pinned by hash: modules/api/dev.Dockerfile:21: pin your Docker image by updating golang:1.23-alpine3.21 to golang:1.23-alpine3.21@sha256:9c9700c95b03ded3fdaf8c6f55f1d333ba1e683ff398781d240b466bc8a81612
Warn: containerImage not pinned by hash: modules/auth/Dockerfile:15
Warn: containerImage not pinned by hash: modules/auth/Dockerfile:30
Warn: containerImage not pinned by hash: modules/auth/dev.Dockerfile:17
Warn: containerImage not pinned by hash: modules/auth/dev.Dockerfile:21: pin your Docker image by updating golang:1.23-alpine3.21 to golang:1.23-alpine3.21@sha256:9c9700c95b03ded3fdaf8c6f55f1d333ba1e683ff398781d240b466bc8a81612
Warn: containerImage not pinned by hash: modules/metrics-scraper/Dockerfile:15
Warn: containerImage not pinned by hash: modules/metrics-scraper/Dockerfile:30
Warn: containerImage not pinned by hash: modules/metrics-scraper/dev.Dockerfile:15
Warn: containerImage not pinned by hash: modules/metrics-scraper/dev.Dockerfile:19: pin your Docker image by updating golang:1.23-alpine3.21 to golang:1.23-alpine3.21@sha256:9c9700c95b03ded3fdaf8c6f55f1d333ba1e683ff398781d240b466bc8a81612
Warn: containerImage not pinned by hash: modules/web/Dockerfile:17
Warn: containerImage not pinned by hash: modules/web/Dockerfile:32
Warn: containerImage not pinned by hash: modules/web/Dockerfile:56
Warn: containerImage not pinned by hash: modules/web/dev.go.Dockerfile:17
Warn: containerImage not pinned by hash: modules/web/dev.go.Dockerfile:21: pin your Docker image by updating golang:1.23-alpine3.21 to golang:1.23-alpine3.21@sha256:9c9700c95b03ded3fdaf8c6f55f1d333ba1e683ff398781d240b466bc8a81612
Warn: containerImage not pinned by hash: modules/web/dev.web.Dockerfile:15: pin your Docker image by updating node:20-alpine3.21 to node:20-alpine3.21@sha256:82f7e381b009b4adc79cef79ec296896788bb91e522d277048b2d8ff6d976393
Warn: npmCommand not pinned by hash: hack/develop/Dockerfile:51
Warn: downloadThenRun not pinned by hash: hack/develop/Dockerfile:98-99
Warn: goCommand not pinned by hash: modules/api/dev.Dockerfile:19
Warn: goCommand not pinned by hash: modules/auth/dev.Dockerfile:19
Warn: goCommand not pinned by hash: modules/metrics-scraper/dev.Dockerfile:17
Warn: goCommand not pinned by hash: modules/web/dev.go.Dockerfile:19
Warn: npmCommand not pinned by hash: hack/develop/gosu-command.sh:17
Info: 0 out of 24 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 45 third-party GitHubAction dependencies pinned
Info: 0 out of 19 containerImage dependencies pinned
Info: 0 out of 2 npmCommand dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned
Info: 1 out of 5 goCommand dependencies pinned