Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:238: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:242: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dendrite.yml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:250: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dendrite.yml:265: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:278: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:280: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:284: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:308: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:310: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:314: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:425: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dendrite.yml:483: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dendrite.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dendrite.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:360: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:361: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:384: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dendrite.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dendrite.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/dendrite.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/docker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh-pages.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/gh-pages.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh-pages.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/gh-pages.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh-pages.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/gh-pages.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh-pages.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/gh-pages.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh-pages.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/gh-pages.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/helm.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/helm.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/helm.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/helm.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/helm.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/helm.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/k8s.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/k8s.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/k8s.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/k8s.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/k8s.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/k8s.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/k8s.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/k8s.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/k8s.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/k8s.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/k8s.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/k8s.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/k8s.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/k8s.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/k8s.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/k8s.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/k8s.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/k8s.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:223: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/schedules.yaml:237: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/schedules.yaml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:254: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:257: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/schedules.yaml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/schedules.yaml:289: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:294: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:297: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/schedules.yaml:315: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/schedules.yaml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedules.yaml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/matrix-org/dendrite/schedules.yaml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:6
Warn: containerImage not pinned by hash: Dockerfile:12
Warn: containerImage not pinned by hash: Dockerfile:29: pin your Docker image by updating alpine:latest to alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: build/docker/DendriteJS.Dockerfile:8
Warn: containerImage not pinned by hash: build/docker/DendriteJS.Dockerfile:18
Warn: containerImage not pinned by hash: build/docker/DendriteJS.Dockerfile:97: pin your Docker image by updating nginx to nginx@sha256:42e917aaa1b5bb40dd0f6f7f4f857490ac7747d7ef73b391c774a41a8b994f15
Warn: containerImage not pinned by hash: build/docker/Dockerfile.demo-pinecone:1
Warn: containerImage not pinned by hash: build/docker/Dockerfile.demo-pinecone:19: pin your Docker image by updating alpine:latest to alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: build/docker/Dockerfile.demo-yggdrasil:1
Warn: containerImage not pinned by hash: build/docker/Dockerfile.demo-yggdrasil:19: pin your Docker image by updating alpine:latest to alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: build/scripts/Complement.Dockerfile:3
Warn: containerImage not pinned by hash: build/scripts/ComplementLocal.Dockerfile:11: pin your Docker image by updating golang:1.22-bookworm to golang:1.22-bookworm@sha256:40d4065ea501aca565ab48cd00fe42623d216aeefda105b1ba8defbac832b3ef
Warn: containerImage not pinned by hash: build/scripts/ComplementPostgres.Dockerfile:3
Warn: goCommand not pinned by hash: .github/workflows/dendrite.yml:423
Warn: goCommand not pinned by hash: .github/workflows/schedules.yaml:152
Info: 0 out of 58 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 38 third-party GitHubAction dependencies pinned
Info: 0 out of 13 containerImage dependencies pinned
Info: 0 out of 2 goCommand dependencies pinned
Info: 1 out of 1 npmCommand dependencies pinned