Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/codeql.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/codeql.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/codeql.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/fuzz.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/fuzz.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/fuzz.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/fuzz.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/fuzz.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/fuzz.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/go.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/go.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/go.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/go.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecards.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/scorecards.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecards.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/scorecards.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecards.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/moov-io/ach/scorecards.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile-openshift:2
Warn: containerImage not pinned by hash: Dockerfile-openshift:14: pin your Docker image by updating registry.access.redhat.com/ubi9/ubi-minimal:9.5-1736404155 to registry.access.redhat.com/ubi9/ubi-minimal:9.5-1736404155@sha256:b87097994ed62fbf1de70bc75debe8dacf3ea6e00dd577d74503ef66452c59d6
Warn: downloadThenRun not pinned by hash: openapi-generator:35
Info: 0 out of 33 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 1 third-party GitHubAction dependencies pinned
Info: 0 out of 3 containerImage dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned