Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-tests.yml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/ci-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-swagger.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/lint-swagger.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-swagger.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/lint-swagger.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-swagger.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/lint-swagger.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-swagger.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/lint-swagger.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-swagger.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/lint-swagger.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-swagger.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/lint-swagger.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/plugin-compiler-build.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/plugin-compiler-build.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/plugin-compiler-build.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/plugin-compiler-build.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/plugin-compiler-build.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/plugin-compiler-build.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/plugin-compiler-build.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/plugin-compiler-build.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/plugin-compiler-build.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/plugin-compiler-build.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/plugin-compiler-build.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/plugin-compiler-build.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/plugin-compiler-build.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/plugin-compiler-build.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/plugin-compiler-build.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/plugin-compiler-build.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr_agent.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/pr_agent.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tests.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tests.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tests.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tests.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:197: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:227: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:240: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:265: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:316: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:322: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:326: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:372: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:380: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:461: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:504: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:508: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:511: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:512: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:527: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:559: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:563: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:566: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:567: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:585: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/remove_old_draft_releases.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/remove_old_draft_releases.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-tyk-analytics.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/update-tyk-analytics.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-tyk-analytics.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/TykTechnologies/tyk/update-tyk-analytics.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:17: pin your Docker image by updating debian:bookworm to debian:bookworm@sha256:b877a1a3fdf02469440f1768cf69c9771338a875b7add5e80c45b756c92ac20a
Warn: containerImage not pinned by hash: ci/Dockerfile.distroless:3
Warn: containerImage not pinned by hash: ci/Dockerfile.distroless:12: pin your Docker image by updating gcr.io/distroless/base-debian12:latest to gcr.io/distroless/base-debian12:latest@sha256:e9d0321de8927f69ce20e39bfc061343cce395996dfc1f0db6540e5145bc63a5
Warn: containerImage not pinned by hash: ci/Dockerfile.std:3: pin your Docker image by updating debian:bookworm-slim to debian:bookworm-slim@sha256:d365f4920711a9074c4bcd178e8f457ee59250426441ab2a5f8106ed8fe948eb
Warn: containerImage not pinned by hash: ci/images/hybrid/Dockerfile:1: pin your Docker image by updating debian:bookworm-slim to debian:bookworm-slim@sha256:d365f4920711a9074c4bcd178e8f457ee59250426441ab2a5f8106ed8fe948eb
Warn: containerImage not pinned by hash: ci/images/plugin-compiler/Dockerfile:2
Warn: containerImage not pinned by hash: ci/tests/python-plugins/extend-python/Dockerfile:2
Warn: containerImage not pinned by hash: ci/tests/python-plugins/extend-python/Dockerfile:4: pin your Docker image by updating debian:bookworm-slim to debian:bookworm-slim@sha256:d365f4920711a9074c4bcd178e8f457ee59250426441ab2a5f8106ed8fe948eb
Warn: containerImage not pinned by hash: ci/tests/python-plugins/src/Dockerfile:2
Warn: containerImage not pinned by hash: ci/tests/python-plugins/src/Dockerfile:4: pin your Docker image by updating debian:bookworm-slim to debian:bookworm-slim@sha256:d365f4920711a9074c4bcd178e8f457ee59250426441ab2a5f8106ed8fe948eb
Warn: containerImage not pinned by hash: docs/plugins/python/Dockerfile:2
Warn: containerImage not pinned by hash: docs/plugins/python/Dockerfile:4: pin your Docker image by updating python:3.11-bookworm to python:3.11-bookworm@sha256:b337e1fd27dbacda505219f713789bf82766694095876769ea10c2d34b4f470b
Warn: pipCommand not pinned by hash: docs/plugins/python/Dockerfile:6
Warn: pipCommand not pinned by hash: docs/plugins/python/Dockerfile:6
Warn: pipCommand not pinned by hash: docs/plugins/python/Dockerfile:6
Warn: pipCommand not pinned by hash: .github/workflows/ci-tests.yml:139
Warn: pipCommand not pinned by hash: .github/workflows/ci-tests.yml:140
Warn: pipCommand not pinned by hash: .github/workflows/ci-tests.yml:141
Warn: pipCommand not pinned by hash: .github/workflows/ci-tests.yml:142
Warn: npmCommand not pinned by hash: .github/workflows/lint-swagger.yml:26
Warn: pipCommand not pinned by hash: .github/workflows/release.yml:389
Info: 0 out of 33 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 44 third-party GitHubAction dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned
Info: 0 out of 13 containerImage dependencies pinned
Info: 2 out of 2 goCommand dependencies pinned
Info: 0 out of 8 pipCommand dependencies pinned