Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/closed_references.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/closed_references.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/closed_references.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/closed_references.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/closed_references.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/closed_references.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conventional_commits.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/conventional_commits.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/conventional_commits.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/conventional_commits.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/conventional_commits.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/conventional_commits.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/cve-scan.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/cve-scan.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/cve-scan.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/cve-scan.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/cve-scan.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/cve-scan.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/format.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/format.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labels.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/labels.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/labels.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/labels.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/licenses.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/licenses.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/licenses.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/licenses.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/licenses.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/licenses.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/stale.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/test-e2e.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/test-e2e.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/test-e2e.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/test-e2e.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/test-e2e.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/test-e2e.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-integration.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/cli/test-integration.yaml/master?enable=pin
Warn: containerImage not pinned by hash: .docker/Dockerfile-alpine:1: pin your Docker image by updating alpine:3.20 to alpine:3.20@sha256:de4fe7064d8f98419ea6b49190df1abbf43450c1702eeb864fe9ced453c1cc5f
Warn: containerImage not pinned by hash: .docker/Dockerfile-build:1
Warn: containerImage not pinned by hash: .docker/Dockerfile-build:19: pin your Docker image by updating alpine:3.20 to alpine:3.20@sha256:de4fe7064d8f98419ea6b49190df1abbf43450c1702eeb864fe9ced453c1cc5f
Warn: containerImage not pinned by hash: .docker/Dockerfile-distroless-static:1: pin your Docker image by updating gcr.io/distroless/static-debian12:nonroot to gcr.io/distroless/static-debian12:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:93
Info: 0 out of 20 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 19 third-party GitHubAction dependencies pinned
Info: 2 out of 3 npmCommand dependencies pinned
Info: 0 out of 4 containerImage dependencies pinned