Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backup.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/backup.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/backup.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/backup.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-report.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/coverage-report.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-report.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/coverage-report.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage-report.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/coverage-report.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/pull-request.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-drafter.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/release-drafter.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/release.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/LinuxSuRen/http-downloader/release.yaml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:14: pin your Docker image by updating alpine:3.10 to alpine:3.10@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98
Warn: downloadThenRun not pinned by hash: .github/workflows/coverage-report.yaml:24
Info: 0 out of 16 GitHub-owned GitHubAction dependencies pinned
Info: 7 out of 16 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned