Info: Possibly incomplete results: error parsing shell code: (( can only be used to open an arithmetic cmd: cli/images/windows-nanoserver/Dockerfile:6
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chocolatey-release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/chocolatey-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit-lint.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/commit-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lacework-code-analysis.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/lacework-code-analysis.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lacework-code-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/lacework-code-analysis.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lacework-code-analysis.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/lacework-code-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-build.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/nightly-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-build.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/nightly-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-build.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/nightly-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-build.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/nightly-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-build.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/nightly-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-build.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/nightly-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-build.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/nightly-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-release.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/prepare-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/prepare-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/prepare-release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/prepare-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-build.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/test-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-build.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/test-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/test-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-build.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/test-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-build.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/test-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-build.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/test-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-build.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/test-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-build.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/test-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-build.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/test-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-cli-docs.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/update-cli-docs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-cli-docs.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/update-cli-docs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-cli-docs.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/update-cli-docs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-homebrew-formula.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/update-homebrew-formula.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-homebrew-formula.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/update-homebrew-formula.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-homebrew-formula.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/update-homebrew-formula.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/verify-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/verify-release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/verify-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows-integration.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/windows-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows-integration.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/lacework/go-sdk/windows-integration.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: containerImage not pinned by hash: cli/images/windows-nanoserver/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/windows/nanoserver:1903 to mcr.microsoft.com/windows/nanoserver:1903@sha256:6f95750a59a675c734e6772e8cd98d2b6851e03e828e80ca34817756b7c16c82
Warn: containerImage not pinned by hash: integration/test_resources/clean.Dockerfile:1
Warn: containerImage not pinned by hash: integration/test_resources/vuln_scan/dirty.Dockerfile:1: pin your Docker image by updating node:15.2.0 to node:15.2.0@sha256:5910dcb2fc9b7aa32c9911a149e0121856457b798612d4fc1703956b5ff2b88b
Warn: goCommand not pinned by hash: vendor/github.com/go-git/go-git/v5/oss-fuzz.sh:20
Warn: goCommand not pinned by hash: vendor/github.com/pelletier/go-toml/benchmark.sh:10
Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/regenerate.sh:35
Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/vet.sh:37
Warn: pipCommand not pinned by hash: .github/workflows/commit-lint.yml:19
Info: 0 out of 22 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 18 third-party GitHubAction dependencies pinned
Info: 0 out of 4 containerImage dependencies pinned
Info: 3 out of 7 goCommand dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned