Go module

github.com/moby/moby

v23.0.2+incompatible

Newer version available

Published

April 1, 2023

Links

Origin: https://pkg.go.dev/github.com/moby/moby@v23.0.2+incompatible
Repo: https://github.com/moby/moby

Projects

moby/moby

GitHub

The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

19k forks

70k stars

OpenSSF scorecard

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

View information about checks and how to fix failures.

Score

9/10

Scorecard as of May 19, 2025.

Maintained

10/10

Determines if the project is "actively maintained".

Reasoning

30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10

Code-Review

10/10

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

Reasoning

all changesets reviewed

Security-Policy

10/10

Determines if the project has published a security policy.

Reasoning

security policy file detected

CII-Best-Practices

0/10

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

Reasoning

no effort to earn an OpenSSF best practices badge detected

Dangerous-Workflow

10/10

Determines if the project's GitHub Action workflows avoid dangerous patterns.

Reasoning

no dangerous workflow patterns detected

License

10/10

Determines if the project has defined a license.

Reasoning

license file detected

Token-Permissions

10/10

Determines if the project's workflows follow the principle of least privilege.

Reasoning

GitHub workflow tokens follow principle of least privilege

Fuzzing

10/10

Determines if the project uses fuzzing.

Reasoning

project is fuzzed

SAST

10/10

Determines if the project uses static code analysis.

Reasoning

SAST tool is run on all commits

Binary-Artifacts

10/10

Determines if the project has generated executable (binary) artifacts in the source repository.

Reasoning

no binaries found in the repo

Pinned-Dependencies

0/10

Determines if the project has declared and pinned the dependencies of its build process.

Reasoning

dependency not pinned by hash detected -- score normalized to 0

Project metadata as of May 26, 2025.

This site uses cookies from Google to deliver its services and to analyze traffic.

Pinned-Dependencies

Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: Dockerfile.windows:184-274

Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: Dockerfile.windows:276-290

Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: Dockerfile.windows:292-306

Info: Possibly incomplete results: error parsing shell code: (( can only be used to open an arithmetic cmd: contrib/busybox/Dockerfile:22-25

Info: Possibly incomplete results: error parsing job operating system: .github/workflows/.test.yml:179

Info: Possibly incomplete results: error parsing job operating system: .github/workflows/.test.yml:209

Info: Possibly incomplete results: error parsing job operating system: .github/workflows/.test.yml:216

Info: Possibly incomplete results: error parsing job operating system: .github/workflows/.test.yml:242

Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): .github/workflows/.windows.yml:322

Info: Possibly incomplete results: error parsing shell code: statements must be separated by &, ; or a newline: .github/workflows/.windows.yml:338

Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): .github/workflows/.windows.yml:354

Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): .github/workflows/.windows.yml:379

Info: Possibly incomplete results: error parsing shell code: & can only immediately follow a statement: .github/workflows/.windows.yml:412

Info: Possibly incomplete results: error parsing shell code: & can only immediately follow a statement: .github/workflows/.windows.yml:418

Info: Possibly incomplete results: error parsing shell code: & can only immediately follow a statement: .github/workflows/.windows.yml:427

Info: Possibly incomplete results: error parsing shell code: & can only immediately follow a statement: .github/workflows/.windows.yml:468

Info: Possibly incomplete results: error parsing shell code: invalid func name: .github/workflows/.windows.yml:484

Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): .github/workflows/.windows.yml:65

Info: Possibly incomplete results: error parsing shell code: & can only immediately follow a statement: .github/workflows/.windows.yml:91

Info: Possibly incomplete results: error parsing shell code: & can only immediately follow a statement: .github/workflows/.windows.yml:100

Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): .github/workflows/.windows.yml:144

Info: Possibly incomplete results: error parsing shell code: & can only immediately follow a statement: .github/workflows/.windows.yml:171

Info: Possibly incomplete results: error parsing shell code: & can only immediately follow a statement: .github/workflows/.windows.yml:180

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.dco.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.dco.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.dco.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.dco.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.dco.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.dco.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test-prepare.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test-prepare.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test-prepare.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test-prepare.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test-unit.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test-unit.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.test-unit.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test-unit.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.test-unit.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test-unit.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.test-unit.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test-unit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test-unit.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test-unit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test-unit.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test-unit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test-unit.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test-unit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:294: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:297: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:320: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:368: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.test.yml:386: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.test.yml:393: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.test.yml:424: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:438: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:454: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:460: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.test.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.test.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.test.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.test.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.test.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.test.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.test.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:265: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:271: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.windows.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:220: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:244: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:297: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:316: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:433: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/.windows.yml:459: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:500: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:527: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.windows.yml:533: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/.windows.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/arm64.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/arm64.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/arm64.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/arm64.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/arm64.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/arm64.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/arm64.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/arm64.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/arm64.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/arm64.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/arm64.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/arm64.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/arm64.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/arm64.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/arm64.yml:228: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/arm64.yml:242: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/arm64.yml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/arm64.yml:264: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/arm64.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bin-image.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/bin-image.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bin-image.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bin-image.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bin-image.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/bin-image.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/bin-image.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/bin-image.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/bin-image.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bin-image.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bin-image.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bin-image.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/bin-image.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/bin-image.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/bin-image.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/buildkit.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/buildkit.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/buildkit.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/buildkit.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:259: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/buildkit.yml:313: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:315: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:319: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:329: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:336: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/buildkit.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/buildkit.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildkit.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/buildkit.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/ci.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/ci.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/ci.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/ci.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/ci.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/ci.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/ci.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/ci.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/ci.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/ci.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/codeql.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/codeql.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/codeql.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/codeql.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/codeql.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/test.yml/master?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/test.yml/master?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/moby/moby/test.yml/master?enable=pin

Warn: containerImage not pinned by hash: Dockerfile:48

Warn: containerImage not pinned by hash: Dockerfile:52

Warn: containerImage not pinned by hash: Dockerfile:58

Warn: containerImage not pinned by hash: Dockerfile:70

Warn: containerImage not pinned by hash: Dockerfile:81

Warn: containerImage not pinned by hash: Dockerfile:85

Warn: containerImage not pinned by hash: Dockerfile:95

Warn: containerImage not pinned by hash: Dockerfile:110

Warn: containerImage not pinned by hash: Dockerfile:131

Warn: containerImage not pinned by hash: Dockerfile:141

Warn: containerImage not pinned by hash: Dockerfile:152

Warn: containerImage not pinned by hash: Dockerfile:153

Warn: containerImage not pinned by hash: Dockerfile:155

Warn: containerImage not pinned by hash: Dockerfile:164

Warn: containerImage not pinned by hash: Dockerfile:177

Warn: containerImage not pinned by hash: Dockerfile:200

Warn: containerImage not pinned by hash: Dockerfile:201

Warn: containerImage not pinned by hash: Dockerfile:202

Warn: containerImage not pinned by hash: Dockerfile:204

Warn: containerImage not pinned by hash: Dockerfile:211

Warn: containerImage not pinned by hash: Dockerfile:218

Warn: containerImage not pinned by hash: Dockerfile:225

Warn: containerImage not pinned by hash: Dockerfile:231

Warn: containerImage not pinned by hash: Dockerfile:244

Warn: containerImage not pinned by hash: Dockerfile:257

Warn: containerImage not pinned by hash: Dockerfile:267

Warn: containerImage not pinned by hash: Dockerfile:288

Warn: containerImage not pinned by hash: Dockerfile:289

Warn: containerImage not pinned by hash: Dockerfile:290

Warn: containerImage not pinned by hash: Dockerfile:293

Warn: containerImage not pinned by hash: Dockerfile:301

Warn: containerImage not pinned by hash: Dockerfile:323

Warn: containerImage not pinned by hash: Dockerfile:324

Warn: containerImage not pinned by hash: Dockerfile:325

Warn: containerImage not pinned by hash: Dockerfile:328

Warn: containerImage not pinned by hash: Dockerfile:335

Warn: containerImage not pinned by hash: Dockerfile:357

Warn: containerImage not pinned by hash: Dockerfile:358

Warn: containerImage not pinned by hash: Dockerfile:359

Warn: containerImage not pinned by hash: Dockerfile:361

Warn: containerImage not pinned by hash: Dockerfile:394

Warn: containerImage not pinned by hash: Dockerfile:395

Warn: containerImage not pinned by hash: Dockerfile:396

Warn: containerImage not pinned by hash: Dockerfile:397

Warn: containerImage not pinned by hash: Dockerfile:400

Warn: containerImage not pinned by hash: Dockerfile:406

Warn: containerImage not pinned by hash: Dockerfile:423

Warn: containerImage not pinned by hash: Dockerfile:424

Warn: containerImage not pinned by hash: Dockerfile:425

Warn: containerImage not pinned by hash: Dockerfile:426

Warn: containerImage not pinned by hash: Dockerfile:427

Warn: containerImage not pinned by hash: Dockerfile:428

Warn: containerImage not pinned by hash: Dockerfile:430

Warn: containerImage not pinned by hash: Dockerfile:466

Warn: containerImage not pinned by hash: Dockerfile:476

Warn: containerImage not pinned by hash: Dockerfile:478

Warn: containerImage not pinned by hash: Dockerfile:484

Warn: containerImage not pinned by hash: Dockerfile:541

Warn: containerImage not pinned by hash: Dockerfile:616

Warn: containerImage not pinned by hash: Dockerfile:628

Warn: containerImage not pinned by hash: Dockerfile:635

Warn: containerImage not pinned by hash: Dockerfile:644

Warn: containerImage not pinned by hash: Dockerfile.simple:13

Warn: containerImage not pinned by hash: Dockerfile.windows:159

Warn: containerImage not pinned by hash: contrib/busybox/Dockerfile:18

Warn: containerImage not pinned by hash: contrib/httpserver/Dockerfile:1: pin your Docker image by updating busybox to busybox@sha256:f64ff79725d0070955b368a4ef8dc729bd8f3d8667823904adcb299fe58fc3da

Warn: containerImage not pinned by hash: contrib/nnp-test/Dockerfile:1: pin your Docker image by updating debian:bookworm-slim to debian:bookworm-slim@sha256:90522eeb7e5923ee2b871c639059537b30521272f10ca86fdbbbb2b75a8c40cd

Warn: containerImage not pinned by hash: contrib/syscall-test/Dockerfile:1: pin your Docker image by updating debian:bookworm-slim to debian:bookworm-slim@sha256:90522eeb7e5923ee2b871c639059537b30521272f10ca86fdbbbb2b75a8c40cd

Warn: containerImage not pinned by hash: hack/dockerfiles/generate-files.Dockerfile:8

Warn: containerImage not pinned by hash: hack/dockerfiles/generate-files.Dockerfile:22

Warn: containerImage not pinned by hash: hack/dockerfiles/generate-files.Dockerfile:34

Warn: containerImage not pinned by hash: hack/dockerfiles/generate-files.Dockerfile:48

Warn: containerImage not pinned by hash: hack/dockerfiles/generate-files.Dockerfile:60

Warn: containerImage not pinned by hash: hack/dockerfiles/govulncheck.Dockerfile:7

Warn: containerImage not pinned by hash: hack/dockerfiles/govulncheck.Dockerfile:15

Warn: containerImage not pinned by hash: libnetwork/cmd/diagnostic/Dockerfile.client:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c

Warn: containerImage not pinned by hash: libnetwork/cmd/diagnostic/Dockerfile.dind:1: pin your Docker image by updating docker:17.12-dind to docker:17.12-dind@sha256:015f2060ca189adb658d2aa16fbc9acb9a6ce902d0914affcf22c7d2edef3ad8

Warn: containerImage not pinned by hash: libnetwork/cmd/networkdb-test/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c

Warn: containerImage not pinned by hash: libnetwork/cmd/ssd/Dockerfile:1: pin your Docker image by updating alpine:3.7 to alpine:3.7@sha256:8421d9a84432575381bfabd248f1eb56f3aa21d9d7cd2511583c68c9b7511d10

Warn: containerImage not pinned by hash: libnetwork/support/Dockerfile:1: pin your Docker image by updating docker:18-dind to docker:18-dind@sha256:86df3c3573065f2c6f24cd925fd5bc3a0aff899bdf664ff4d2e3ebab26d96bed

Warn: goCommand not pinned by hash: Dockerfile:226-229

Warn: pipCommand not pinned by hash: libnetwork/cmd/ssd/Dockerfile:22-30

Warn: pipCommand not pinned by hash: libnetwork/cmd/ssd/Dockerfile:33

Warn: goCommand not pinned by hash: vendor/github.com/agext/levenshtein/test.sh:5

Warn: goCommand not pinned by hash: vendor/github.com/pelletier/go-toml/benchmark.sh:10

Info: 0 out of 79 GitHub-owned GitHubAction dependencies pinned

Info: 0 out of 54 third-party GitHubAction dependencies pinned

Info: 0 out of 3 goCommand dependencies pinned

Info: 0 out of 2 pipCommand dependencies pinned

Info: 0 out of 80 containerImage dependencies pinned