Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): vendor/sigs.k8s.io/controller-runtime/Makefile:0
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-master.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-master.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-master.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-master.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-master.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-master.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-master.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-master.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-master.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-master.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/merge-to-master.yaml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-master.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-master.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-master.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/merge-to-master.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-master.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-master.yaml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-master.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/merge-to-master.yaml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-master.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-master.yaml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-master.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-release-branch.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-release-branch.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-release-branch.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-release-branch.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-release-branch.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-release-branch.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-release-branch.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-release-branch.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/merge-to-release-branch.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-release-branch.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-release-branch.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-release-branch.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/merge-to-release-branch.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-release-branch.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-to-release-branch.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/merge-to-release-branch.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/periodic-security-check.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/periodic-security-check.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/periodic-security-check.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/periodic-security-check.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/periodic-security-check.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/periodic-security-check.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/periodic-security-check.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/periodic-security-check.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/periodic-security-check.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/periodic-security-check.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/periodic-security-check.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/periodic-security-check.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks-build-images.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks-build-images.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks-build-images.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks-build-images.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks-build-images.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks-build-images.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks-build-images.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks-build-images.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks-clean-images.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks-clean-images.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks-push-images.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks-push-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks-push-images.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks-push-images.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:239: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:247: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:294: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:303: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:319: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:327: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:349: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:374: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:383: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:399: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:407: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:435: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:463: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:472: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:581: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:599: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:610: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:621: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:631: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:222: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:490: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:498: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:511: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:533: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:560: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:569: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:640: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:643: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yaml:648: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-checks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-cherry-pick-clean.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-cherry-pick-clean.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-cherry-picks.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-cherry-picks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-cherry-picks.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-cherry-picks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-cherry-picks.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-cherry-picks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-cherry-picks.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-cherry-picks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-cherry-picks.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-cherry-picks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-cherry-picks.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-cherry-picks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-cherry-picks.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-cherry-picks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-cherry-picks.yaml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-cherry-picks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-cherry-picks.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-cherry-picks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-cherry-picks.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-cherry-picks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-cherry-picks.yaml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-cherry-picks.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-cherry-picks.yaml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-cherry-picks.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-labels.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-developer/service-binding-operator/pr-labels.yaml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:9: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02
Warn: containerImage not pinned by hash: build/Dockerfile:1: pin your Docker image by updating registry.access.redhat.com/ubi7/ubi-minimal:latest to registry.access.redhat.com/ubi7/ubi-minimal:latest@sha256:244564fff3841542a17abe5d7daf5c803676dc13af48ea5302218b31ee1c2db7
Warn: containerImage not pinned by hash: samples/apps/spring-elasticsearch/Dockerfile.app:2
Warn: containerImage not pinned by hash: samples/apps/spring-elasticsearch/Dockerfile.app:20
Warn: containerImage not pinned by hash: samples/apps/spring-petclinic/Dockerfile.app:2
Warn: containerImage not pinned by hash: samples/apps/spring-petclinic/Dockerfile.app:20
Warn: containerImage not pinned by hash: test/acceptance/Dockerfile.allure:1: pin your Docker image by updating quay.io/pmacik/yhxue911-python-allure to quay.io/pmacik/yhxue911-python-allure@sha256:4fff7d0af55948dd07f77070ba03931c2e19f7f28c5f57993912ca08d47e1145
Warn: containerImage not pinned by hash: test/acceptance/resources/apps/sbo-generic-test-app/Dockerfile:1: pin your Docker image by updating alpine:3.12 to alpine:3.12@sha256:c75ac27b49326926b803b9ed43bf088bc220d22556de1bc5f72d742c91398f69
Warn: containerImage not pinned by hash: test/charts/service-binding-operator/Dockerfile:1: pin your Docker image by updating registry.access.redhat.com/ubi8:8.5 to registry.access.redhat.com/ubi8:8.5@sha256:798025840cb82140df8d05775f7f55fff3b16a599bd5ca76b11594f7a9a595fa
Warn: pipCommand not pinned by hash: test/charts/service-binding-operator/Dockerfile:11
Warn: downloadThenRun not pinned by hash: install.sh:11
Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10
Warn: downloadThenRun not pinned by hash: .github/workflows/pr-checks.yaml:422
Info: 0 out of 59 GitHub-owned GitHubAction dependencies pinned
Info: 8 out of 40 third-party GitHubAction dependencies pinned
Info: 0 out of 10 containerImage dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned
Info: 0 out of 2 downloadThenRun dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned