Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-darwin.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-darwin.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-darwin.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-darwin.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-darwin.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-darwin.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-freebsd.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-freebsd.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golang-test-freebsd.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-freebsd.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:223: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:247: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:307: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:329: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:335: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:343: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:373: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:379: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-linux.yml:387: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-linux.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-windows.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-windows.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-test-windows.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-windows.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golang-test-windows.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golang-test-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golangci-lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golangci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golangci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golangci-lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/golangci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/install-script-test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/install-script-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mobile-build-validation.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/mobile-build-validation.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mobile-build-validation.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/mobile-build-validation.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/mobile-build-validation.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/mobile-build-validation.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mobile-build-validation.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/mobile-build-validation.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mobile-build-validation.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/mobile-build-validation.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mobile-build-validation.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/mobile-build-validation.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mobile-build-validation.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/mobile-build-validation.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:208: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:220: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/sync-main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-tag.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/sync-tag.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-infrastructure-files.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/test-infrastructure-files.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-infrastructure-files.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/test-infrastructure-files.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-infrastructure-files.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/test-infrastructure-files.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-infrastructure-files.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/test-infrastructure-files.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-docs.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/netbirdio/netbird/update-docs.yml/main?enable=pin
Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:1: pin your Docker image by updating golang:1.23-bullseye to golang:1.23-bullseye@sha256:80eb3147ef40b58d527d9c2e634b1a79a750aee09de6f973844db38b33f0550b
Warn: containerImage not pinned by hash: client/Dockerfile:1: pin your Docker image by updating alpine:3.21.0 to alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: client/Dockerfile-rootless:1: pin your Docker image by updating alpine:3.21.0 to alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: management/Dockerfile:1: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782
Warn: containerImage not pinned by hash: management/Dockerfile.debug:1: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782
Warn: containerImage not pinned by hash: relay/Dockerfile:1: pin your Docker image by updating gcr.io/distroless/base:debug to gcr.io/distroless/base:debug@sha256:3a59a8d10471fc8487fd2ca93746b0195ed4c3236c14fe8412cf7b2ec4b8c1f3
Warn: containerImage not pinned by hash: signal/Dockerfile:1: pin your Docker image by updating gcr.io/distroless/base:debug to gcr.io/distroless/base:debug@sha256:3a59a8d10471fc8487fd2ca93746b0195ed4c3236c14fe8412cf7b2ec4b8c1f3
Warn: goCommand not pinned by hash: .devcontainer/Dockerfile:3-12
Warn: goCommand not pinned by hash: client/proto/generate.sh:14
Warn: goCommand not pinned by hash: client/proto/generate.sh:15
Warn: goCommand not pinned by hash: management/proto/generate.sh:14
Warn: goCommand not pinned by hash: management/proto/generate.sh:15
Warn: goCommand not pinned by hash: signal/proto/generate.sh:14
Warn: goCommand not pinned by hash: signal/proto/generate.sh:15
Warn: goCommand not pinned by hash: .github/workflows/release.yml:73
Warn: goCommand not pinned by hash: .github/workflows/release.yml:152
Info: 0 out of 57 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 20 third-party GitHubAction dependencies pinned
Info: 0 out of 7 containerImage dependencies pinned
Info: 3 out of 12 goCommand dependencies pinned