Warn: third-party GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/approve-bot-pr.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/approve-bot-pr.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/approve-bot-pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/approve-bot-pr.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/approve-bot-pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/create-draft-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/create-draft-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/create-draft-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/create-draft-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/create-draft-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/create-draft-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/create-draft-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/create-draft-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/create-draft-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/create-draft-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/create-draft-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-pr.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/label-pr.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-pr.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/label-pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-yaml.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/lint-yaml.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-yaml.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/lint-yaml.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-yaml.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/lint-yaml.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-releases.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/publish-releases.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-releases.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/publish-releases.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-buildpackage.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/push-buildpackage.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-buildpackage.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/push-buildpackage.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-buildpackage.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/push-buildpackage.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-buildpackage.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/push-buildpackage.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/synchronize-labels.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/synchronize-labels.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/synchronize-labels.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/synchronize-labels.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/test-pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/test-pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/test-pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/test-pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/test-pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:316: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:319: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:330: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:340: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:357: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:368: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:377: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:383: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:396: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:233: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:256: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:267: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:286: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-dependencies-from-metadata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-github-config.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-github-config.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-github-config.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-github-config.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-github-config.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-github-config.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-github-config.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-github-config.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-go-mod-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-go-mod-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-go-mod-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-go-mod-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-go-mod-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-go-mod-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-go-mod-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/dotnet-core-sdk/update-go-mod-version.yml/main?enable=pin
Warn: goCommand not pinned by hash: scripts/.util/tools.sh:195
Warn: pipCommand not pinned by hash: .github/workflows/lint-yaml.yml:28
Info: 0 out of 42 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 39 third-party GitHubAction dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned