Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/base-images.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/base-images.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/base-images.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/base-images.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/base-images.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/base-images.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-latest-images.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/check-latest-images.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-latest-images.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/check-latest-images.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cleanup-nightly-assets.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/cleanup-nightly-assets.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/issues.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/nightly.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/nightly.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/nightly.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/nightly.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/report-release-vulnerabilities.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/report-release-vulnerabilities.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/report-release-vulnerabilities.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/report-release-vulnerabilities.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/report-release-vulnerabilities.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/report-release-vulnerabilities.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/report-release-vulnerabilities.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/report-release-vulnerabilities.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/report-release-vulnerabilities.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/report-release-vulnerabilities.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-tekton-version.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/update-tekton-version.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-tekton-version.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/update-tekton-version.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-tekton-version.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/update-tekton-version.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/verify.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/verify.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/verify.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/shipwright-io/build/verify.yaml/main?enable=pin
Warn: containerImage not pinned by hash: images/base/Dockerfile:4: pin your Docker image by updating registry.access.redhat.com/ubi9-minimal:latest to registry.access.redhat.com/ubi9-minimal:latest@sha256:14f14e03d68f7fd5f2b18a13478b6b127c341b346c86b6e0b886ed2b7573b8e0
Warn: containerImage not pinned by hash: images/git/Dockerfile:7
Warn: containerImage not pinned by hash: images/image-processing/Dockerfile:6
Warn: containerImage not pinned by hash: images/image-processing/Dockerfile:13
Warn: containerImage not pinned by hash: images/waiter/Dockerfile:7
Warn: goCommand not pinned by hash: hack/install-counterfeiter.sh:8
Warn: downloadThenRun not pinned by hash: hack/install-trivy.sh:28
Warn: goCommand not pinned by hash: vendor/github.com/go-git/go-git/v5/oss-fuzz.sh:20
Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10
Warn: downloadThenRun not pinned by hash: .github/workflows/report-release-vulnerabilities.yaml:31
Warn: downloadThenRun not pinned by hash: .github/workflows/report-release-vulnerabilities.yaml:37
Warn: goCommand not pinned by hash: .github/workflows/report-release-vulnerabilities.yaml:39
Warn: goCommand not pinned by hash: .github/workflows/report-release-vulnerabilities.yaml:49
Info: 0 out of 23 GitHub-owned GitHubAction dependencies pinned
Info: 2 out of 21 third-party GitHubAction dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned
Info: 0 out of 5 goCommand dependencies pinned
Info: 0 out of 3 downloadThenRun dependencies pinned