Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:251: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:274: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:197: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/closed_references.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/closed_references.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/closed_references.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/closed_references.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/closed_references.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/closed_references.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conventional_commits.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/conventional_commits.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/conventional_commits.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/conventional_commits.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/conventional_commits.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/conventional_commits.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/cve-scan.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/cve-scan.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/cve-scan.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/cve-scan.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/cve-scan.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/cve-scan.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/cve-scan.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/cve-scan.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/cve-scan.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cve-scan.yaml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/cve-scan.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/format.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/format.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labels.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/labels.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/labels.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/labels.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/licenses.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/licenses.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/licenses.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/licenses.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/licenses.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/licenses.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/milestone.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/milestone.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/milestone.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/milestone.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/milestone.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/milestone.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm_publish_grpc_client.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/npm_publish_grpc_client.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm_publish_grpc_client.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/npm_publish_grpc_client.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm_publish_typelib.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/npm_publish_typelib.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm_publish_typelib.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/npm_publish_typelib.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pm.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/pm.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go-grpc-client.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/release-go-grpc-client.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go-grpc-client.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/release-go-grpc-client.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/single-table-migration-e2e.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/single-table-migration-e2e.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/single-table-migration-e2e.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/single-table-migration-e2e.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/single-table-migration-e2e.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/single-table-migration-e2e.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/ory/keto/stale.yml/master?enable=pin
Warn: containerImage not pinned by hash: .docker/Dockerfile:1: pin your Docker image by updating alpine:3.21.0 to alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: .docker/Dockerfile-alpine:1: pin your Docker image by updating alpine:3.21.0 to alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: .docker/Dockerfile-build:2
Warn: containerImage not pinned by hash: .docker/Dockerfile-build:26
Warn: containerImage not pinned by hash: .docker/Dockerfile-distroless-static:1: pin your Docker image by updating gcr.io/distroless/static-debian12:nonroot to gcr.io/distroless/static-debian12:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: .docker/Dockerfile-sqlite:1: pin your Docker image by updating alpine:3.21.0 to alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: downloadThenRun not pinned by hash: scripts/install-grype.sh:20
Warn: downloadThenRun not pinned by hash: scripts/install-licenses.sh:20
Warn: downloadThenRun not pinned by hash: scripts/install-ory.sh:20
Warn: downloadThenRun not pinned by hash: scripts/install-trivy.sh:20
Warn: downloadThenRun not pinned by hash: scripts/single-table-migration-e2e.sh:6
Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:28
Warn: npmCommand not pinned by hash: .github/workflows/npm_publish_grpc_client.yml:24
Warn: npmCommand not pinned by hash: .github/workflows/npm_publish_typelib.yml:24
Info: 0 out of 28 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 35 third-party GitHubAction dependencies pinned
Info: 0 out of 6 containerImage dependencies pinned
Info: 1 out of 1 goCommand dependencies pinned
Info: 0 out of 5 downloadThenRun dependencies pinned
Info: 1 out of 4 npmCommand dependencies pinned