Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/metalmatze/prometheus-operator/ci.yaml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:3
Warn: containerImage not pinned by hash: cmd/prometheus-config-reloader/Dockerfile:3
Warn: containerImage not pinned by hash: example/alertmanger-webhook/Dockerfile:1: pin your Docker image by updating quay.io/prometheus/busybox:latest to quay.io/prometheus/busybox:latest@sha256:dfa54ef35e438b9e71ac5549159074576b6382f95ce1a434088e05fd6b730bc4
Warn: containerImage not pinned by hash: scripts/tooling/Dockerfile:1
Warn: containerImage not pinned by hash: scripts/tooling/Dockerfile:31: pin your Docker image by updating golang:1.14 to golang:1.14@sha256:1a7173b5b9a3af3e29a5837e0b2027e1c438fd1b83bbee8f221355087ad416d6
Warn: containerImage not pinned by hash: test/instrumented-sample-app/Dockerfile:1
Warn: containerImage not pinned by hash: test/instrumented-sample-app/Dockerfile:6: pin your Docker image by updating alpine:3.7 to alpine:3.7@sha256:8421d9a84432575381bfabd248f1eb56f3aa21d9d7cd2511583c68c9b7511d10
Warn: goCommand not pinned by hash: scripts/tooling/Dockerfile:22
Warn: goCommand not pinned by hash: scripts/tooling/Dockerfile:23
Info: 0 out of 17 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 4 third-party GitHubAction dependencies pinned
Info: 0 out of 7 containerImage dependencies pinned
Info: 0 out of 2 goCommand dependencies pinned