Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-push-images.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/build-and-push-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-push-images.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/build-and-push-images.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-push-images.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/build-and-push-images.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-stale.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/github-stale.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-e2e.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-go.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-go.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-go.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-go.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-go.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-go.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-go.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-go.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-go.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-go.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-go.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-go.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-python.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-python.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-python.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-python.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-python.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/kubeflow/trainer/test-python.yaml/master?enable=pin
Warn: containerImage not pinned by hash: cmd/initializers/dataset/Dockerfile:1: pin your Docker image by updating python:3.11-alpine to python:3.11-alpine@sha256:8068890a42d68ece5b62455ef327253249b5f094dcdee57f492635a40217f6a3
Warn: containerImage not pinned by hash: cmd/initializers/model/Dockerfile:1: pin your Docker image by updating python:3.11-alpine to python:3.11-alpine@sha256:8068890a42d68ece5b62455ef327253249b5f094dcdee57f492635a40217f6a3
Warn: containerImage not pinned by hash: cmd/runtimes/deepspeed/Dockerfile:1
Warn: containerImage not pinned by hash: cmd/runtimes/deepspeed/Dockerfile:2: pin your Docker image by updating nvidia/cuda:12.8.1-devel-ubuntu22.04 to nvidia/cuda:12.8.1-devel-ubuntu22.04@sha256:a99a1860ba8e2916e5c3e73b72ec4c4301653a84586e05bfc9a2aa2d58027e97
Warn: containerImage not pinned by hash: cmd/runtimes/mlx/Dockerfile:1
Warn: containerImage not pinned by hash: cmd/runtimes/mlx/Dockerfile:2: pin your Docker image by updating debian:trixie to debian:trixie@sha256:3ae423d8367ae00e509ff848b493c9e3710b48fcedac997dad061fe3d3b158dd
Warn: containerImage not pinned by hash: cmd/trainer-controller-manager/Dockerfile:2
Warn: containerImage not pinned by hash: cmd/trainer-controller-manager/Dockerfile:17: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:627d6c5a23ad24e6bdff827f16c7b60e0289029b0c79e9f7ccd54ae3279fb45f
Warn: containerImage not pinned by hash: cmd/trainers/torchtune/Dockerfile:1: pin your Docker image by updating pytorch/pytorch:2.7.1-cuda12.8-cudnn9-runtime to pytorch/pytorch:2.7.1-cuda12.8-cudnn9-runtime@sha256:c16f4c749e2d9e96878875cdf6cc45cddda1d1a36fddd371dd6f2360f1b6e2a2
Warn: pipCommand not pinned by hash: cmd/initializers/dataset/Dockerfile:10
Warn: pipCommand not pinned by hash: cmd/initializers/model/Dockerfile:10
Warn: pipCommand not pinned by hash: cmd/runtimes/deepspeed/Dockerfile:35
Warn: pipCommand not pinned by hash: cmd/runtimes/mlx/Dockerfile:27
Warn: pipCommand not pinned by hash: cmd/runtimes/mlx/Dockerfile:30
Warn: pipCommand not pinned by hash: cmd/trainers/torchtune/Dockerfile:9
Warn: pipCommand not pinned by hash: .github/workflows/test-e2e.yaml:42
Warn: pipCommand not pinned by hash: .github/workflows/test-e2e.yaml:45
Info: 0 out of 14 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 5 third-party GitHubAction dependencies pinned
Info: 0 out of 9 containerImage dependencies pinned
Info: 0 out of 8 pipCommand dependencies pinned