Info: Possibly incomplete results: error parsing shell code: invalid var name: scripts/release-packages.sh:197
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code_scanning.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/code_scanning.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code_scanning.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/code_scanning.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code_scanning.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/code_scanning.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/golang.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/golang.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golang.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/golang.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/golang.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/golang.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/golang.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/golang.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/image.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/image.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/image.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/image.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image.yaml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/image.yaml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/image.yaml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/image.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image.yaml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/image.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/image.yaml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/image.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/NVIDIA/nvidia-container-toolkit/release.yaml/main?enable=pin
Warn: containerImage not pinned by hash: deployments/container/Dockerfile.packaging:17: pin your Docker image by updating nvidia/cuda:12.6.3-base-ubuntu20.04 to nvidia/cuda:12.6.3-base-ubuntu20.04@sha256:b0daeaac29cff5d2358b5ef11250441d15c3785e8e50c926efeadd8146f76413
Warn: containerImage not pinned by hash: deployments/container/Dockerfile.ubi8:18
Warn: containerImage not pinned by hash: deployments/container/Dockerfile.ubi8:50: pin your Docker image by updating nvidia/cuda:12.6.3-base-ubi8 to nvidia/cuda:12.6.3-base-ubi8@sha256:80e3d44bbacf665af0e37ca1cae963fbc8708a4c8fa535bd7b9b7ea18f2c11db
Warn: containerImage not pinned by hash: deployments/container/Dockerfile.ubuntu:18
Warn: containerImage not pinned by hash: deployments/container/Dockerfile.ubuntu:49: pin your Docker image by updating nvcr.io/nvidia/cuda:12.6.3-base-ubuntu20.04 to nvcr.io/nvidia/cuda:12.6.3-base-ubuntu20.04@sha256:b0daeaac29cff5d2358b5ef11250441d15c3785e8e50c926efeadd8146f76413
Warn: containerImage not pinned by hash: deployments/devel/Dockerfile:17: pin your Docker image by updating golang:1.23.4 to golang:1.23.4@sha256:9820aca42262f58451f006de3213055974b36f24b31508c1baa73c967fcecb99
Warn: containerImage not pinned by hash: docker/Dockerfile.debian:2
Warn: containerImage not pinned by hash: docker/Dockerfile.devel:16
Warn: containerImage not pinned by hash: docker/Dockerfile.opensuse-leap:2
Warn: containerImage not pinned by hash: docker/Dockerfile.rpm-yum:18
Warn: containerImage not pinned by hash: docker/Dockerfile.ubuntu:2
Warn: containerImage not pinned by hash: scripts/Dockerfile.sign.deb:1: pin your Docker image by updating ubuntu:18.04 to ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98
Warn: containerImage not pinned by hash: scripts/Dockerfile.sign.rpm:1: pin your Docker image by updating quay.io/centos/centos:stream8 to quay.io/centos/centos:stream8@sha256:20da069d4f8126c4517ee563e6e723d4cbe79ff62f6c4597f753478af91a09a3
Warn: containerImage not pinned by hash: tests/release/docker/centos8/Dockerfile:2
Warn: containerImage not pinned by hash: tests/release/docker/fedora35/Dockerfile:2
Warn: containerImage not pinned by hash: tests/release/docker/ubuntu18.04/Dockerfile:15: pin your Docker image by updating ubuntu:18.04 to ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98
Warn: goCommand not pinned by hash: docker/Dockerfile.devel:19
Warn: goCommand not pinned by hash: docker/Dockerfile.devel:21
Warn: goCommand not pinned by hash: docker/Dockerfile.devel:22
Warn: downloadThenRun not pinned by hash: docker/Dockerfile.devel:23
Warn: goCommand not pinned by hash: vendor/github.com/pelletier/go-toml/benchmark.sh:10
Info: 0 out of 14 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 6 third-party GitHubAction dependencies pinned
Info: 0 out of 16 containerImage dependencies pinned
Info: 2 out of 6 goCommand dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned