Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/build.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-create-pd-pr.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/manual-create-pd-pr.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-create-pd-pr.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/manual-create-pd-pr.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-create-pd-pr.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/manual-create-pd-pr.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/manual-create-pd-pr.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/manual-create-pd-pr.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/release.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/release.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-docker-image.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/test-docker-image.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-docker-image.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/test-docker-image.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-docker-image.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/test-docker-image.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-docker-image.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/test-docker-image.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-e2e-snapshots.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/upload-e2e-snapshots.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/upload-e2e-snapshots.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/upload-e2e-snapshots.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-e2e-snapshots.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/upload-e2e-snapshots.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-e2e-snapshots.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/upload-e2e-snapshots.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-e2e-snapshots.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/upload-e2e-snapshots.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-e2e-snapshots.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/upload-e2e-snapshots.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-e2e-snapshots.yaml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/upload-e2e-snapshots.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-e2e-snapshots.yaml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/pingcap/tidb-dashboard/upload-e2e-snapshots.yaml/master?enable=pin
Warn: containerImage not pinned by hash: dockerfiles/alpine316.Dockerfile:1
Warn: containerImage not pinned by hash: dockerfiles/alpine316.Dockerfile:39: pin your Docker image by updating alpine:3.16 to alpine:3.16@sha256:452e7292acee0ee16c332324d7de05fa2c99f9994ecc9f0779c602916a672ae4
Warn: containerImage not pinned by hash: dockerfiles/centos7.Dockerfile:1
Warn: containerImage not pinned by hash: dockerfiles/centos7.Dockerfile:48: pin your Docker image by updating centos:8 to centos:8@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Warn: npmCommand not pinned by hash: dockerfiles/alpine316.Dockerfile:15
Warn: downloadThenRun not pinned by hash: dockerfiles/centos7.Dockerfile:19
Warn: npmCommand not pinned by hash: dockerfiles/centos7.Dockerfile:21
Warn: downloadThenRun not pinned by hash: scripts/_inc/download_tools.sh:33
Warn: downloadThenRun not pinned by hash: scripts/lint.sh:25
Warn: downloadThenRun not pinned by hash: scripts/start_tiup.sh:27
Info: 0 out of 32 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 8 third-party GitHubAction dependencies pinned
Info: 0 out of 4 containerImage dependencies pinned
Info: 0 out of 2 npmCommand dependencies pinned
Info: 0 out of 4 downloadThenRun dependencies pinned