Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-release_registry_github.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker-release_registry_github.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-release_registry_github.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker-release_registry_github.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-release_registry_github.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker-release_registry_github.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-release_registry_github.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker-release_registry_github.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-release_registry_github.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker-release_registry_github.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_registry_github.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker_registry_github.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_registry_github.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker_registry_github.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_registry_github.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker_registry_github.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_registry_github.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/docker_registry_github.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/netsampler/goflow2/release.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:11: pin your Docker image by updating alpine:latest to alpine:latest@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: containerImage not pinned by hash: compose/kcg/grafana/Dockerfile:1
Warn: containerImage not pinned by hash: compose/kcg/grafana/Dockerfile:6: pin your Docker image by updating grafana/grafana:9.1.7 to grafana/grafana:9.1.7@sha256:8b81f1225bc450e56cdcaffbfa5a051b891c8332789960e7362c38edba73a123
Info: 0 out of 15 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 11 third-party GitHubAction dependencies pinned
Info: 0 out of 4 containerImage dependencies pinned