Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): Dockerfile-windows.dapper:6-13
Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): Dockerfile-windows.dapper:15-31
Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): Dockerfile-windows.dapper:34-47
Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): package/windows/Dockerfile.agent:19-24
Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): package/windows/Dockerfile.agent:26-33
Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: tests/validation/tests/Dockerfiles/windows/metrics/Dockerfile:5-18
Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): tests/validation/tests/Dockerfiles/windows/nginx/Dockerfile:6-10
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/controller-test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/controller-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/controller-test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/controller-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fossa.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/fossa.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/fossa.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/fossa.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/fossa.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/fossa.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-get.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/go-get.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go-get.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/go-get.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-get.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/go-get.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-get.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/go-get.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/integration-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/integration-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/integration-tests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/promote-to-stable.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/promote-to-stable.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/promote-to-stable.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/promote-to-stable.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/promote-to-stable.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/promote-to-stable.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/promote-to-stable.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/promote-to-stable.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/promote-to-stable.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/promote-to-stable.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/provisioning-tests.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/provisioning-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/provisioning-tests.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/provisioning-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:232: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:361: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:365: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:367: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:373: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:512: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:516: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:519: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:525: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:531: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:556: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:562: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:584: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:590: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:276: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:280: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:286: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:396: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:400: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:408: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:459: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:464: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:470: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:476: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:481: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:483: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:485: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:491: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:640: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:654: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:676: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:682: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:706: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:234: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:252: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:315: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-release.yml:317: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:325: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-release.yml:331: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/push-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/replace-env-value.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/replace-env-value.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/replace-env-value.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/replace-env-value.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/stale.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/system-agent-upgrade.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/system-agent-upgrade.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/system-agent-upgrade.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/system-agent-upgrade.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/system-agent-upgrade.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/system-agent-upgrade.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/system-agent-upgrade.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/system-agent-upgrade.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/unit-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/validate.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/validate.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-generated-code-changes.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/verify-generated-code-changes.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-generated-code-changes.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/verify-generated-code-changes.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-generated-code-changes.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rancher/verify-generated-code-changes.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile-windows.dapper:1: pin your Docker image by updating library/golang:1.23 to library/golang:1.23@sha256:adfbe17b774398cb090ad257afd692f2b7e0e7aaa8ef0110a48f0a775e3964f4
Warn: containerImage not pinned by hash: Dockerfile.dapper:1: pin your Docker image by updating registry.suse.com/bci/golang:1.23 to registry.suse.com/bci/golang:1.23@sha256:d6031def875074036ecec2a7157e26667150c1c666f056f981f7501c8c4a45d3
Warn: containerImage not pinned by hash: package/Dockerfile:1
Warn: containerImage not pinned by hash: package/Dockerfile:4
Warn: containerImage not pinned by hash: package/Dockerfile:18
Warn: containerImage not pinned by hash: package/Dockerfile:238
Warn: containerImage not pinned by hash: package/Dockerfile:252
Warn: containerImage not pinned by hash: package/Dockerfile:277
Warn: containerImage not pinned by hash: package/Dockerfile.agent:8
Warn: containerImage not pinned by hash: package/Dockerfile.agent:30
Warn: containerImage not pinned by hash: package/Dockerfile.agent:32
Warn: containerImage not pinned by hash: package/Dockerfile.agent:34
Warn: containerImage not pinned by hash: package/Dockerfile.agent:48
Warn: containerImage not pinned by hash: package/Dockerfile.installer:3
Warn: containerImage not pinned by hash: package/Dockerfile.installer:5
Warn: containerImage not pinned by hash: package/windows/Dockerfile.agent:5
Warn: containerImage not pinned by hash: package/windows/Dockerfile.agent:17
Warn: containerImage not pinned by hash: tests/scripts/custodian/Dockerfile:1: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782
Warn: containerImage not pinned by hash: tests/v2/codecoverage/Dockerfile.buildcodecoverage:1: pin your Docker image by updating registry.suse.com/bci/golang:1.23 to registry.suse.com/bci/golang:1.23@sha256:d6031def875074036ecec2a7157e26667150c1c666f056f981f7501c8c4a45d3
Warn: containerImage not pinned by hash: tests/v2/codecoverage/Dockerfile.codecoverage:1: pin your Docker image by updating registry.suse.com/bci/golang:1.23 to registry.suse.com/bci/golang:1.23@sha256:d6031def875074036ecec2a7157e26667150c1c666f056f981f7501c8c4a45d3
Warn: containerImage not pinned by hash: tests/v2/codecoverage/package/Dockerfile:1
Warn: containerImage not pinned by hash: tests/v2/codecoverage/package/Dockerfile:4
Warn: containerImage not pinned by hash: tests/v2/codecoverage/package/Dockerfile:18
Warn: containerImage not pinned by hash: tests/v2/codecoverage/package/Dockerfile:232
Warn: containerImage not pinned by hash: tests/v2/codecoverage/package/Dockerfile:247
Warn: containerImage not pinned by hash: tests/v2/codecoverage/package/Dockerfile:272
Warn: containerImage not pinned by hash: tests/v2/codecoverage/package/Dockerfile.agent:8
Warn: containerImage not pinned by hash: tests/v2/codecoverage/package/Dockerfile.agent:30
Warn: containerImage not pinned by hash: tests/v2/codecoverage/package/Dockerfile.agent:32
Warn: containerImage not pinned by hash: tests/v2/codecoverage/package/Dockerfile.agent:34
Warn: containerImage not pinned by hash: tests/v2/codecoverage/package/Dockerfile.agent:48
Warn: containerImage not pinned by hash: tests/v2/validation/Dockerfile.e2e:1: pin your Docker image by updating registry.suse.com/bci/golang:1.23 to registry.suse.com/bci/golang:1.23@sha256:d6031def875074036ecec2a7157e26667150c1c666f056f981f7501c8c4a45d3
Warn: containerImage not pinned by hash: tests/v2/validation/Dockerfile.validation:1: pin your Docker image by updating registry.suse.com/bci/golang:1.23 to registry.suse.com/bci/golang:1.23@sha256:d6031def875074036ecec2a7157e26667150c1c666f056f981f7501c8c4a45d3
Warn: containerImage not pinned by hash: tests/validation/Dockerfile.rke:1: pin your Docker image by updating python:3.11 to python:3.11@sha256:68a8863d0625f42d47e0684f33ca02f19d6094ef859a8af237aaf645195ed477
Warn: containerImage not pinned by hash: tests/validation/Dockerfile.v3api:1: pin your Docker image by updating python:3.11 to python:3.11@sha256:68a8863d0625f42d47e0684f33ca02f19d6094ef859a8af237aaf645195ed477
Warn: containerImage not pinned by hash: tests/validation/tests/Dockerfiles/testcontainer/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:9d6b58feebd2dbd3c56ab5853333d627cc6e281011cfd6050fa4bcf2072c9496
Warn: containerImage not pinned by hash: tests/validation/tests/Dockerfiles/unprivileged-testcontainer/Dockerfile:1
Warn: containerImage not pinned by hash: tests/validation/tests/Dockerfiles/windows/metrics/Dockerfile:3
Warn: containerImage not pinned by hash: tests/validation/tests/Dockerfiles/windows/nginx/Dockerfile:3
Warn: containerImage not pinned by hash: tests/validation/tests/Dockerfiles/windows/testcontainer/Dockerfile:3
Warn: downloadThenRun not pinned by hash: Dockerfile.dapper:22-24
Warn: downloadThenRun not pinned by hash: Dockerfile.dapper:27-29
Warn: downloadThenRun not pinned by hash: tests/scripts/custodian/Dockerfile:38
Warn: pipCommand not pinned by hash: tests/scripts/custodian/Dockerfile:42
Warn: downloadThenRun not pinned by hash: tests/v2/codecoverage/Dockerfile.buildcodecoverage:13-17
Warn: goCommand not pinned by hash: tests/v2/codecoverage/Dockerfile.codecoverage:20-24
Warn: goCommand not pinned by hash: tests/v2/codecoverage/Dockerfile.codecoverage:20-24
Warn: goCommand not pinned by hash: tests/v2/codecoverage/Dockerfile.codecoverage:20-24
Warn: goCommand not pinned by hash: tests/v2/validation/Dockerfile.e2e:20-22
Warn: goCommand not pinned by hash: tests/v2/validation/Dockerfile.validation:16-17
Warn: pipCommand not pinned by hash: tests/validation/Dockerfile.rke:10-18
Warn: pipCommand not pinned by hash: tests/validation/Dockerfile.rke:10-18
Warn: pipCommand not pinned by hash: tests/validation/Dockerfile.v3api:19-49
Warn: pipCommand not pinned by hash: tests/validation/Dockerfile.v3api:19-49
Warn: goCommand not pinned by hash: tests/controllers/run_controller_tests.sh:5
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/master/install_k3s_master.sh:76
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/master/install_k3s_master.sh:80
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/master/install_k3s_master.sh:82
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/master/install_k3s_master.sh:89
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/master/install_k3s_master.sh:93
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/master/install_k3s_master.sh:95
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/master/join_k3s_master.sh:64
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/master/join_k3s_master.sh:68
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/master/join_k3s_master.sh:70
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/master/join_k3s_master.sh:76
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/master/join_k3s_master.sh:80
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/master/join_k3s_master.sh:82
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/worker/join_k3s_agent.sh:38
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/worker/join_k3s_agent.sh:42
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/k3s/worker/join_k3s_agent.sh:44
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/rke2/master/install_rke2_master.sh:57
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/rke2/master/install_rke2_master.sh:59
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/rke2/master/install_rke2_master.sh:76
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/rke2/master/join_rke2_master.sh:58
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/rke2/master/join_rke2_master.sh:60
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/rke2/master/join_rke2_master.sh:77
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/rke2/worker/join_rke2_agent.sh:55
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/rke2/worker/join_rke2_agent.sh:57
Warn: downloadThenRun not pinned by hash: tests/validation/tests/v3_api/resource/terraform/rke2/worker/join_rke2_agent.sh:72
Warn: downloadThenRun not pinned by hash: .github/workflows/integration-tests.yml:75
Warn: pipCommand not pinned by hash: .github/workflows/integration-tests.yml:85
Warn: pipCommand not pinned by hash: .github/workflows/integration-tests.yml:86
Warn: downloadThenRun not pinned by hash: .github/workflows/provisioning-tests.yml:88
Warn: pipCommand not pinned by hash: .github/workflows/validate.yml:28
Warn: pipCommand not pinned by hash: .github/workflows/validate.yml:29
Info: 0 out of 51 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 51 third-party GitHubAction dependencies pinned
Info: 0 out of 40 containerImage dependencies pinned
Info: 0 out of 30 downloadThenRun dependencies pinned
Info: 0 out of 9 pipCommand dependencies pinned
Info: 4 out of 10 goCommand dependencies pinned