Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/apidiff.yaml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/apidiff.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/apidiff.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/apidiff.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-branch.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/e2e-branch.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-branch.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/e2e-branch.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-branch.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/e2e-branch.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-branch.yaml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/e2e-branch.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-branch.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/e2e-branch.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/lint.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/lint.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-publish.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/nightly-publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-publish.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/nightly-publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-publish.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/nightly-publish.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-publish.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/nightly-publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-publish.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/nightly-publish.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scan.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/scan.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/scan.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/scan.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/scan.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/scan.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/scan.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/scan.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/unit.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/unit.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/verify.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/aks-operator/verify.yaml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile.dapper:1: pin your Docker image by updating registry.suse.com/bci/bci-base:15.6 to registry.suse.com/bci/bci-base:15.6@sha256:4d4e17e3f91e06473102027df1416911bb98aa9711582e565cee94899d646be7
Warn: containerImage not pinned by hash: package/Dockerfile:2
Warn: containerImage not pinned by hash: package/Dockerfile:4
Warn: containerImage not pinned by hash: package/Dockerfile:8
Warn: containerImage not pinned by hash: package/Dockerfile:31: pin your Docker image by updating registry.suse.com/bci/bci-micro:15.6 to registry.suse.com/bci/bci-micro:15.6@sha256:5e083a58be832caed40c333ea1e2f3b3132117fb6ac2c110afd555a81b92b628
Warn: containerImage not pinned by hash: test/e2e/Dockerfile.e2e:1
Warn: containerImage not pinned by hash: test/e2e/Dockerfile.e2e:9
Warn: downloadThenRun not pinned by hash: Dockerfile.dapper:17-19
Info: 0 out of 17 GitHub-owned GitHubAction dependencies pinned
Info: 3 out of 15 third-party GitHubAction dependencies pinned
Info: 1 out of 1 goCommand dependencies pinned
Info: 0 out of 7 containerImage dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned