Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-ackley.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-ackley.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-ackley.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-ackley.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-ackley.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-ackley.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-ackley.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-ackley.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark-ackley.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-ackley.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark-ackley.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-ackley.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark-ackley.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-ackley.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-ackley.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-ackley.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-ackley.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-ackley.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-ackley.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-ackley.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-hpobench-naval.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-hpobench-naval.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-hpobench-naval.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-hpobench-naval.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-hpobench-naval.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-hpobench-naval.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-hpobench-naval.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-hpobench-naval.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-hpobench-naval.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-hpobench-naval.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-hpobench-naval.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-rastrigin.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-rastrigin.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-rastrigin.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-rastrigin.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-rastrigin.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-rastrigin.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-rastrigin.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-rastrigin.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark-rastrigin.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-rastrigin.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark-rastrigin.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-rastrigin.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark-rastrigin.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-rastrigin.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-rastrigin.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-rastrigin.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-rastrigin.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-rastrigin.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-rastrigin.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/benchmark-rastrigin.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-examples.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/go-examples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-examples.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/go-examples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-tests.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/go-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-tests.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/go-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-tests.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/go-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-tests.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/go-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-tests.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/go-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-tests.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/go-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typescript-checks.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/typescript-checks.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typescript-checks.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/typescript-checks.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typescript-checks.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/typescript-checks.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typescript-checks.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/maxhora/goptuna/typescript-checks.yml/main?enable=pin
Warn: containerImage not pinned by hash: dashboard/Dockerfile:1
Warn: containerImage not pinned by hash: dashboard/Dockerfile:16: pin your Docker image by updating golang:1.15 to golang:1.15@sha256:ea080cc817b02a946461d42c02891bf750e3916c52f7ea8187bccde8f312b59f
Warn: npmCommand not pinned by hash: dashboard/Dockerfile:8
Warn: goCommand not pinned by hash: dashboard/Dockerfile:21
Warn: pipCommand not pinned by hash: .github/workflows/benchmark-ackley.yml:28
Warn: pipCommand not pinned by hash: .github/workflows/benchmark-ackley.yml:29
Warn: goCommand not pinned by hash: .github/workflows/benchmark-ackley.yml:43
Warn: pipCommand not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:28
Warn: pipCommand not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:29
Warn: goCommand not pinned by hash: .github/workflows/benchmark-hpobench-naval.yml:55
Warn: pipCommand not pinned by hash: .github/workflows/benchmark-rastrigin.yml:28
Warn: pipCommand not pinned by hash: .github/workflows/benchmark-rastrigin.yml:29
Warn: goCommand not pinned by hash: .github/workflows/benchmark-rastrigin.yml:43
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:21
Warn: npmCommand not pinned by hash: .github/workflows/typescript-checks.yml:24
Warn: npmCommand not pinned by hash: .github/workflows/typescript-checks.yml:40
Info: 0 out of 37 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 10 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned
Info: 0 out of 4 npmCommand dependencies pinned
Info: 0 out of 4 goCommand dependencies pinned
Info: 0 out of 6 pipCommand dependencies pinned