Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/ci.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/docker.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/docker.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/docker.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/docker.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/lxlee1102/vpp-agent/test.yml/master?enable=pin
Warn: containerImage not pinned by hash: docker/dev/Dockerfile:2
Warn: containerImage not pinned by hash: docker/dev/Dockerfile:6
Warn: containerImage not pinned by hash: docker/dev/Dockerfile:61
Warn: containerImage not pinned by hash: docker/prod/Dockerfile:2
Warn: containerImage not pinned by hash: docker/prod/Dockerfile:4
Warn: containerImage not pinned by hash: tests/e2e/e2etest/Dockerfile.e2e:1
Warn: containerImage not pinned by hash: tests/e2e/e2etest/Dockerfile.e2e:6: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b
Warn: containerImage not pinned by hash: tests/integration/Dockerfile.integration:3
Warn: containerImage not pinned by hash: tests/integration/Dockerfile.integration:8
Warn: goCommand not pinned by hash: scripts/cmpbench.sh:60
Warn: goCommand not pinned by hash: scripts/cmpbench.sh:65
Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:19
Info: 0 out of 18 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 2 third-party GitHubAction dependencies pinned
Info: 1 out of 3 goCommand dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned
Info: 0 out of 9 containerImage dependencies pinned