Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add-codeowners-to-pr.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/add-codeowners-to-pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add-labels.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/add-labels.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-assign-owners.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/auto-assign-owners.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-update-jmx-metrics-component.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/auto-update-jmx-metrics-component.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-update-jmx-metrics-component.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/auto-update-jmx-metrics-component.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test-arm.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test-arm.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test-arm.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test-arm.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test-arm.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test-arm.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test-darwin.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test-darwin.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test-darwin.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test-darwin.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test-darwin.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test-darwin.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test-darwin.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test-darwin.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test-darwin.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test-darwin.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test-darwin.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test-darwin.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test-darwin.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test-darwin.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test-windows.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test-windows.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test-windows.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:329: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:330: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:551: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:552: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:562: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:576: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:600: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:632: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:363: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:364: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:371: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:457: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:272: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:273: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:280: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:294: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:501: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:502: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:509: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:527: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:614: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:403: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:410: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:429: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:430: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:437: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:536: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:538: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/build-and-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/changelog.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/changelog.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/changelog.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-codeowners.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/check-codeowners.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-codeowners.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/check-codeowners.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-codeowners.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/check-codeowners.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-codeowners.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/check-codeowners.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-codeowners.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/check-codeowners.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-links.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/check-links.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-links.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/check-links.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-links.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/check-links.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/close-stale.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/close-stale.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests-windows.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests-windows.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests-windows.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests-windows.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests-windows.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests-windows.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests-windows.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests-windows.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests-windows.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests-windows.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests-windows.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests-windows.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests-windows.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests-windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/e2e-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-component-labels.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/generate-component-labels.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-weekly-report.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/generate-weekly-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-weekly-report.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/generate-weekly-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/load-tests.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/load-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/load-tests.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/load-tests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/load-tests.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/load-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/load-tests.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/load-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/load-tests.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/load-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/load-tests.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/load-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/load-tests.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/load-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/load-tests.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/load-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/load-tests.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/load-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/load-tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/load-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/load-tests.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/load-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/load-tests.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/load-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/load-tests.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/load-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mark-issues-as-stale.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/mark-issues-as-stale.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/milestone-add-to-pr.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/milestone-add-to-pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ping-codeowners-issues.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/ping-codeowners-issues.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ping-codeowners-on-new-issue.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/ping-codeowners-on-new-issue.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ping-codeowners-prs.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/ping-codeowners-prs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/prepare-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/prepare-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/prepare-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prometheus-compliance-tests.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/prometheus-compliance-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prometheus-compliance-tests.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/prometheus-compliance-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prometheus-compliance-tests.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/prometheus-compliance-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prometheus-compliance-tests.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/prometheus-compliance-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shellcheck.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/shellcheck.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/shellcheck.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/shellcheck.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/shellcheck.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/shellcheck.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/telemetrygen.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/telemetrygen.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tidy-dependencies.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/tidy-dependencies.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tidy-dependencies.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/tidy-dependencies.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tidy-dependencies.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/tidy-dependencies.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tidy-dependencies.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-collector-contrib/tidy-dependencies.yml/main?enable=pin
Warn: containerImage not pinned by hash: cmd/otelcontribcol/Dockerfile:1
Warn: containerImage not pinned by hash: cmd/telemetrygen/Dockerfile:1
Warn: containerImage not pinned by hash: examples/demo/client/Dockerfile:3
Warn: containerImage not pinned by hash: examples/demo/client/Dockerfile:8: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: examples/demo/server/Dockerfile:3
Warn: containerImage not pinned by hash: examples/demo/server/Dockerfile:8: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: exporter/clickhouseexporter/example/Dockerfile:1
Warn: containerImage not pinned by hash: exporter/clickhouseexporter/example/Dockerfile:4: pin your Docker image by updating golang:latest to golang:latest@sha256:70031844b8c225351d0bb63e2c383f80db85d92ba894e3da7e13bcf80efa9a37
Warn: containerImage not pinned by hash: exporter/loadbalancingexporter/example/Dockerfile:1
Warn: containerImage not pinned by hash: exporter/loadbalancingexporter/example/Dockerfile:8
Warn: containerImage not pinned by hash: exporter/splunkhecexporter/example/Dockerfile:1
Warn: containerImage not pinned by hash: exporter/splunkhecexporter/example/Dockerfile:8
Warn: containerImage not pinned by hash: receiver/simpleprometheusreceiver/examples/federation/prom-counter/Dockerfile:1
Warn: npmCommand not pinned by hash: .github/workflows/changelog.yml:90
Warn: npmCommand not pinned by hash: .github/workflows/check-links.yaml:48
Warn: npmCommand not pinned by hash: .github/workflows/generate-weekly-report.yml:18
Info: 0 out of 145 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 20 third-party GitHubAction dependencies pinned
Info: 0 out of 13 containerImage dependencies pinned
Info: 0 out of 3 npmCommand dependencies pinned