Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cron-stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/cron-stale.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cron-stale.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/cron-stale.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on-merge-tagger.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-merge-tagger.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-merge-tagger.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-merge-tagger.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-approval.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-approval.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-label.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-label.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr-merged.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr-merged.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on-pr.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-pr.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-pr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-review-requsted.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/libopenstorage/openstorage/on-review-requsted.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile.osd:1: pin your Docker image by updating gcr.io/distroless/base-debian10 to gcr.io/distroless/base-debian10@sha256:101798a3b76599762d3528635113f0466dc9655ecba82e8e33d410e2bf5cd319
Warn: containerImage not pinned by hash: Dockerfile.osd-dev:1: pin your Docker image by updating docker.io/openstorage/osd-dev-base:1.16 to docker.io/openstorage/osd-dev-base:1.16@sha256:ba408fc6497cb16c3615dfae69796b536216ea1fcb3b4298b976c8cefee688c7
Warn: containerImage not pinned by hash: Dockerfile.osd-dev-base:1: pin your Docker image by updating golang:1.16 to golang:1.16@sha256:5f6a4662de3efc6d6bb812d02e9de3d8698eea16b8eb7281f03e6f3e8383018e
Warn: containerImage not pinned by hash: Dockerfile.proto:4: pin your Docker image by updating golang to golang@sha256:8c10f21bec412f08f73aa7b97ca5ac5f28a39d8a88030ad8a339fd0a781d72b4
Warn: containerImage not pinned by hash: Dockerfile.sdk:1: pin your Docker image by updating alpine to alpine@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: goCommand not pinned by hash: Dockerfile.osd-dev-base:16-25
Warn: downloadThenRun not pinned by hash: Dockerfile.proto:12
Warn: pipCommand not pinned by hash: Dockerfile.proto:22
Warn: goCommand not pinned by hash: Dockerfile.proto:24-26
Warn: goCommand not pinned by hash: Dockerfile.proto:24-26
Warn: goCommand not pinned by hash: Dockerfile.proto:24-26
Warn: npmCommand not pinned by hash: Dockerfile.proto:53
Warn: goCommand not pinned by hash: hack/csi-sanity-test.sh:25
Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10
Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/vet.sh:38
Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/vet.sh:49
Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 17 third-party GitHubAction dependencies pinned
Info: 3 out of 11 goCommand dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned