Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check_cirrus_cron.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/check_cirrus_cron.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check_cirrus_cron.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/check_cirrus_cron.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check_cirrus_cron.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/check_cirrus_cron.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check_cirrus_cron.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/check_cirrus_cron.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fcos-podman-next-build.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/fcos-podman-next-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/fcos-podman-next-build.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/fcos-podman-next-build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/fcos-podman-next-build.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/fcos-podman-next-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-labeler.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/issue-labeler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_pr_lock.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/issue_pr_lock.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue_pr_lock.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/issue_pr_lock.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue_pr_lock.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/issue_pr_lock.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labeler.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/labeler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mac-pkg.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/mac-pkg.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mac-pkg.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/mac-pkg.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mac-pkg.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/mac-pkg.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-artifacts.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release-artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-artifacts.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release-artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-artifacts.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release-artifacts.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-artifacts.yml:250: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/release-artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rerun_cirrus_cron.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/rerun_cirrus_cron.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rerun_cirrus_cron.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/rerun_cirrus_cron.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/rerun_cirrus_cron.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/rerun_cirrus_cron.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/stale.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-podmanio.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/update-podmanio.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-win-installer.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/upload-win-installer.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-win-installer.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/upload-win-installer.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/upload-win-installer.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/upload-win-installer.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-win-installer.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/containers/podman/upload-win-installer.yml/main?enable=pin
Warn: containerImage not pinned by hash: test/build/from-multiple-files/Dockerfile1.alpine:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: test/build/from-multiple-files/Dockerfile2.glob:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: test/build/from-multiple-files/Dockerfile2.withfrom:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: test/build/preserve-volumes/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: test/build/volume-perms/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: test/compose/env_and_volume/read/Dockerfile:1: pin your Docker image by updating quay.io/libpod/podman_python to quay.io/libpod/podman_python@sha256:b8cb8a86b0deb6ba0a9bb602b36bc61be41a0854c530a01c3a2582b77a6ed11a
Warn: containerImage not pinned by hash: test/compose/env_and_volume/write/Dockerfile:1: pin your Docker image by updating quay.io/libpod/podman_python to quay.io/libpod/podman_python@sha256:b8cb8a86b0deb6ba0a9bb602b36bc61be41a0854c530a01c3a2582b77a6ed11a
Warn: containerImage not pinned by hash: test/compose/mount_and_label/frontend/Dockerfile:1: pin your Docker image by updating quay.io/libpod/podman_python to quay.io/libpod/podman_python@sha256:b8cb8a86b0deb6ba0a9bb602b36bc61be41a0854c530a01c3a2582b77a6ed11a
Warn: containerImage not pinned by hash: test/compose/port_map_diff_port/frontend/Dockerfile:1: pin your Docker image by updating quay.io/libpod/podman_python to quay.io/libpod/podman_python@sha256:b8cb8a86b0deb6ba0a9bb602b36bc61be41a0854c530a01c3a2582b77a6ed11a
Warn: containerImage not pinned by hash: test/compose/simple_port_map/frontend/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: test/compose/uptwice/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: test/e2e/build/cache/Dockerfilecacheread:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: test/e2e/build/cache/Dockerfilecachewrite:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: test/e2e/build/containerignore-symlink/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: test/e2e/build/envwithtab/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: test/e2e/build/squash/Dockerfile.squash-a:1: pin your Docker image by updating quay.io/libpod/busybox:latest to quay.io/libpod/busybox:latest@sha256:a9286defaba7b3a519d585ba0e37d0b2cbee74ebfe590960b0b1d6a5e97d1e1d
Warn: containerImage not pinned by hash: test/e2e/build/squash/Dockerfile.squash-b:1
Warn: containerImage not pinned by hash: test/e2e/build/squash/Dockerfile.squash-c:1: pin your Docker image by updating quay.io/libpod/busybox:latest to quay.io/libpod/busybox:latest@sha256:a9286defaba7b3a519d585ba0e37d0b2cbee74ebfe590960b0b1d6a5e97d1e1d
Warn: containerImage not pinned by hash: test/e2e/build/workdir-symlink/Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: containerImage not pinned by hash: test/python/docker/build_labels/Dockerfile:1: pin your Docker image by updating quay.io/libpod/alpine:latest to quay.io/libpod/alpine:latest@sha256:fa93b01658e3a5a1686dc3ae55f170d8de487006fb53a28efcd12ab0710a2e5f
Warn: downloadThenRun not pinned by hash: hack/install_golangci.sh:19
Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10
Warn: pipCommand not pinned by hash: .github/workflows/fcos-podman-next-build.yml:33
Info: 0 out of 19 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 10 third-party GitHubAction dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned
Info: 0 out of 20 containerImage dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned