Info: Possibly incomplete results: error parsing shell code: invalid var name: test/cli/test_cli_functions.sh:0
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-cnpg.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/build-cnpg.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/golangci-lint.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/golangci-lint.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/manual-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-build.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/manual-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/releaser.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/releaser.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/releaser.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/releaser.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_admission_test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_admission_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_admission_test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_admission_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_admission_test.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_admission_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_ci.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_ci.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_ci.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_ci.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_ci.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_cosi_test.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_cosi_test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_cosi_test.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_cosi_test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_cosi_test.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_cosi_test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_hac_test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_hac_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_hac_test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_hac_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_azure_vault_test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_azure_vault_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_azure_vault_test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_azure_vault_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_dev_test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_dev_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_dev_test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_dev_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_ibm_kp_test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_ibm_kp_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_ibm_kp_test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_ibm_kp_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_kmip_test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_kmip_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_kmip_test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_kmip_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_rotate_test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_rotate_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_rotate_test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_rotate_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_tls_sa_test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_tls_sa_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_tls_sa_test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_tls_sa_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_tls_token_test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_tls_token_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run_kms_tls_token_test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/run_kms_tls_token_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/testing.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/noobaa/noobaa-operator/testing.yml/master?enable=pin
Warn: containerImage not pinned by hash: build/Dockerfile:1: pin your Docker image by updating registry.access.redhat.com/ubi9/ubi-minimal:latest to registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:14f14e03d68f7fd5f2b18a13478b6b127c341b346c86b6e0b886ed2b7573b8e0
Warn: containerImage not pinned by hash: build/DockerfileDev:4
Warn: containerImage not pinned by hash: build/DockerfileDev:11
Warn: containerImage not pinned by hash: build/catalog-source.Dockerfile:1
Warn: containerImage not pinned by hash: pkg/util/kms/test/kmip/pykmip/Dockerfile:1: pin your Docker image by updating python:3.9-slim to python:3.9-slim@sha256:d1fd807555208707ec95b284afd10048d0737e84b5f2d6fdcbed2922b9284b56
Warn: goCommand not pinned by hash: build/DockerfileDev:7-8
Warn: goCommand not pinned by hash: build/DockerfileDev:7-8
Warn: pipCommand not pinned by hash: pkg/util/kms/test/kmip/pykmip/Dockerfile:2
Warn: pipCommand not pinned by hash: pkg/util/kms/test/kmip/pykmip/Dockerfile:3
Warn: pipCommand not pinned by hash: .travis/install-python.sh:5
Warn: pipCommand not pinned by hash: .travis/install-python.sh:6
Warn: goCommand not pinned by hash: .github/workflows/run_admission_test.yml:34
Warn: goCommand not pinned by hash: .github/workflows/run_admission_test.yml:35
Warn: goCommand not pinned by hash: .github/workflows/run_cosi_test.yaml:36
Warn: goCommand not pinned by hash: .github/workflows/run_cosi_test.yaml:37
Warn: goCommand not pinned by hash: .github/workflows/run_hac_test.yml:27
Warn: goCommand not pinned by hash: .github/workflows/run_hac_test.yml:28
Warn: goCommand not pinned by hash: .github/workflows/run_kms_azure_vault_test.yml:27
Warn: goCommand not pinned by hash: .github/workflows/run_kms_dev_test.yml:28
Warn: goCommand not pinned by hash: .github/workflows/run_kms_dev_test.yml:29
Warn: goCommand not pinned by hash: .github/workflows/run_kms_ibm_kp_test.yml:30
Warn: goCommand not pinned by hash: .github/workflows/run_kms_ibm_kp_test.yml:31
Warn: goCommand not pinned by hash: .github/workflows/run_kms_kmip_test.yml:28
Warn: goCommand not pinned by hash: .github/workflows/run_kms_kmip_test.yml:29
Warn: goCommand not pinned by hash: .github/workflows/run_kms_rotate_test.yml:27
Warn: goCommand not pinned by hash: .github/workflows/run_kms_rotate_test.yml:28
Warn: goCommand not pinned by hash: .github/workflows/run_kms_tls_sa_test.yml:35
Warn: goCommand not pinned by hash: .github/workflows/run_kms_tls_token_test.yml:36
Info: 0 out of 37 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned
Info: 3 out of 22 goCommand dependencies pinned
Info: 0 out of 4 pipCommand dependencies pinned