Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarking-image.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/benchmarking-image.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmarking-image.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/benchmarking-image.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarking-image.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/benchmarking-image.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarking-image.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/benchmarking-image.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarking-image.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/benchmarking-image.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmarking-image.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/benchmarking-image.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-audit.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-audit.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-audit.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-docs.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-docs.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-docs.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-docs.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-docs.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-docs.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-docs.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-docs.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-docs.yaml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-docs.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-examples.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-examples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-examples.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-examples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-examples.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-examples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-examples.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-examples.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-examples.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-examples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-lint.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-longtest.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-longtest.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-longtest.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-longtest.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-reproducibility.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-reproducibility.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:437: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:440: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:482: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:485: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:459: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:462: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:266: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:293: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:394: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:406: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:426: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:510: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:522: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:197: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:247: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:254: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:309: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:318: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:371: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test.yaml:378: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/ci-test.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-rofl-containers.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/release-rofl-containers.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-rofl-containers.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/release-rofl-containers.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-rofl-containers.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/release-rofl-containers.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rofl-dev-image.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/rofl-dev-image.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/rofl-dev-image.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/rofl-dev-image.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/rofl-dev-image.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/rofl-dev-image.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/rofl-dev-image.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/rofl-dev-image.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/rofl-dev-image.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/rofl-dev-image.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime-builder-image.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/runtime-builder-image.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime-builder-image.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/runtime-builder-image.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime-builder-image.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/runtime-builder-image.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime-builder-image.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/runtime-builder-image.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime-builder-image.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/oasis-sdk/runtime-builder-image.yml/main?enable=pin
Warn: containerImage not pinned by hash: docker/rofl-dev/Dockerfile:1
Warn: containerImage not pinned by hash: docker/runtime-builder/Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:ed1544e454989078f5dec1bfdabd8c5cc9c48e0705d07b678ab6ae3fb61952d2
Warn: containerImage not pinned by hash: tests/benchmark/Dockerfile:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b
Info: 0 out of 57 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 23 third-party GitHubAction dependencies pinned
Info: 0 out of 3 containerImage dependencies pinned
Info: 8 out of 8 npmCommand dependencies pinned