Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/push.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scrape.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/scrape.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scrape.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/scrape.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/tag.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/tag.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/tag.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/tag.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/tag.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/tag.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/tag.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/tag.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/tag.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/streambinder/spotitube/tag.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:2
Warn: containerImage not pinned by hash: Dockerfile:11: pin your Docker image by updating alpine:3 to alpine:3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: goCommand not pinned by hash: .github/workflows/push.yml:59
Info: 0 out of 21 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 14 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned