Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-agent.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-agent.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-agent.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/build-agent.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/commit.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/commit.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/commit.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/commit.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/commit.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/commit.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependabot_pr.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/dependabot_pr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependabot_pr.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/dependabot_pr.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot_pr.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/dependabot_pr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/docker-build.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/docker-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/docker-publish.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/docker-publish.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/qa.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/qa.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/qa.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/qa.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/qa.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/qa.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/qa.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/qa.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/qa.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/qa.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/qa.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/qa.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/qa.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/shellhub-io/shellhub/qa.yml/master?enable=pin
Warn: containerImage not pinned by hash: agent/Dockerfile:2
Warn: containerImage not pinned by hash: agent/Dockerfile:19
Warn: containerImage not pinned by hash: agent/Dockerfile:39
Warn: containerImage not pinned by hash: agent/Dockerfile.amd64:1: pin your Docker image by updating golang:1.22.6-alpine3.19 to golang:1.22.6-alpine3.19@sha256:1bad39361dd21f2f881ce10ff810e40e5be3eba89a0b61e762e05ec42f9bbaf2
Warn: containerImage not pinned by hash: agent/Dockerfile.arm32v6:3: pin your Docker image by updating arm32v6/golang:1.22.6-alpine3.19 to arm32v6/golang:1.22.6-alpine3.19@sha256:bbd0321a37f6fa7fb27bc0422ca6c573bd3b43d710d708b31b594c16e215f443
Warn: containerImage not pinned by hash: agent/Dockerfile.arm32v7:3: pin your Docker image by updating arm32v7/golang:1.22.6-alpine3.19 to arm32v7/golang:1.22.6-alpine3.19@sha256:eb28f3293abb0029b097608fed0a3b503acb6238a33ed0d4d2f0b9067fe64292
Warn: containerImage not pinned by hash: agent/Dockerfile.arm64v8:3: pin your Docker image by updating arm64v8/golang:1.22.6-alpine3.19 to arm64v8/golang:1.22.6-alpine3.19@sha256:685062bdc57ab9ec317fe87c3f5397d0049824e400fb97705306fa786407a5d1
Warn: containerImage not pinned by hash: agent/Dockerfile.i386:1: pin your Docker image by updating golang:1.22.6-alpine3.19 to golang:1.22.6-alpine3.19@sha256:1bad39361dd21f2f881ce10ff810e40e5be3eba89a0b61e762e05ec42f9bbaf2
Warn: containerImage not pinned by hash: agent/Dockerfile.test:1: pin your Docker image by updating golang:1.22.6-alpine3.19 to golang:1.22.6-alpine3.19@sha256:1bad39361dd21f2f881ce10ff810e40e5be3eba89a0b61e762e05ec42f9bbaf2
Warn: containerImage not pinned by hash: api/Dockerfile:2
Warn: containerImage not pinned by hash: api/Dockerfile:21
Warn: containerImage not pinned by hash: api/Dockerfile:37
Warn: containerImage not pinned by hash: api/Dockerfile:63
Warn: containerImage not pinned by hash: cli/Dockerfile:2
Warn: containerImage not pinned by hash: cli/Dockerfile:18
Warn: containerImage not pinned by hash: cli/Dockerfile:33
Warn: containerImage not pinned by hash: cli/Dockerfile:52
Warn: containerImage not pinned by hash: cli/Dockerfile.test:2
Warn: containerImage not pinned by hash: gateway/Dockerfile:2
Warn: containerImage not pinned by hash: gateway/Dockerfile:19
Warn: containerImage not pinned by hash: gateway/Dockerfile:33
Warn: containerImage not pinned by hash: gateway/Dockerfile:59
Warn: containerImage not pinned by hash: ssh/Dockerfile:2
Warn: containerImage not pinned by hash: ssh/Dockerfile:21
Warn: containerImage not pinned by hash: ssh/Dockerfile:37
Warn: containerImage not pinned by hash: ssh/Dockerfile:59
Warn: containerImage not pinned by hash: ui/Dockerfile:1
Warn: containerImage not pinned by hash: ui/Dockerfile:13
Warn: containerImage not pinned by hash: ui/Dockerfile:26
Warn: containerImage not pinned by hash: ui/Dockerfile:38
Warn: npmCommand not pinned by hash: ui/Dockerfile:11
Warn: npmCommand not pinned by hash: .github/workflows/qa.yml:135
Info: 0 out of 20 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 14 third-party GitHubAction dependencies pinned
Info: 0 out of 30 containerImage dependencies pinned
Info: 17 out of 17 goCommand dependencies pinned
Info: 0 out of 2 npmCommand dependencies pinned