Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: scripts/build/ci-wix/Dockerfile:6
Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): scripts/build/ci-wix/Dockerfile:8-10
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backport.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/backport.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-version.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/bump-version.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-version.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/bump-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-version.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/bump-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-version.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/bump-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-version.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/bump-version.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/close-milestone.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/close-milestone.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commands.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/commands.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-build.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-report.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-report.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-report.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-report.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/detect-breaking-changes-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-validator.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/doc-validator.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/enterprise-pr-check.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/enterprise-pr-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/github-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-labeled.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/issue-labeled.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-labeled.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/issue-labeled.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/metrics-collector.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/metrics-collector.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/pr-checks.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-go.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/pr-codeql-analysis-go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-go.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/pr-codeql-analysis-go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-go.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/pr-codeql-analysis-go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-javascript.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/pr-codeql-analysis-javascript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-javascript.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/pr-codeql-analysis-javascript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-javascript.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/pr-codeql-analysis-javascript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-python.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/pr-codeql-analysis-python.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-python.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/pr-codeql-analysis-python.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-python.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/pr-codeql-analysis-python.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-commands.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/pr-commands.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/remove-milestone.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/remove-milestone.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/stale.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-changelog.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/yesoreyeram/grafana/update-changelog.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:23
Warn: containerImage not pinned by hash: Dockerfile:43: pin your Docker image by updating alpine:3.15 to alpine:3.15@sha256:19b4bcc4f60e99dd5ebdca0cbce22c503bbcff197549d7e19dab4f22254dc864
Warn: containerImage not pinned by hash: Dockerfile.ubuntu:1
Warn: containerImage not pinned by hash: Dockerfile.ubuntu:24
Warn: containerImage not pinned by hash: Dockerfile.ubuntu:41: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b
Warn: containerImage not pinned by hash: devenv/docker/blocks/alert_webhook_listener/Dockerfile:2: pin your Docker image by updating golang:latest to golang:latest@sha256:7ea4c9dcb2b97ff8ee80a67db3d44f98c8ffa0d191399197007d8459c1453041
Warn: containerImage not pinned by hash: devenv/docker/blocks/apache_proxy/Dockerfile:1: pin your Docker image by updating jmferrer/apache2-reverse-proxy:latest to jmferrer/apache2-reverse-proxy:latest@sha256:cd958b3505d180aa6f8b8491be8a9abdd1d8b0fdd2c1b382912f5d52a0df9d83
Warn: containerImage not pinned by hash: devenv/docker/blocks/apache_proxy_mac/Dockerfile:1: pin your Docker image by updating jmferrer/apache2-reverse-proxy:latest to jmferrer/apache2-reverse-proxy:latest@sha256:cd958b3505d180aa6f8b8491be8a9abdd1d8b0fdd2c1b382912f5d52a0df9d83
Warn: containerImage not pinned by hash: devenv/docker/blocks/collectd/Dockerfile:1: pin your Docker image by updating ubuntu:xenial to ubuntu:xenial@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6
Warn: containerImage not pinned by hash: devenv/docker/blocks/elastic/data/Dockerfile:1: pin your Docker image by updating node:16-alpine to node:16-alpine@sha256:a1f9d027912b58a7c75be7716c97cfbc6d3099f3a97ed84aa490be9dee20e787
Warn: containerImage not pinned by hash: devenv/docker/blocks/loki/data/Dockerfile:1: pin your Docker image by updating node:16-alpine to node:16-alpine@sha256:a1f9d027912b58a7c75be7716c97cfbc6d3099f3a97ed84aa490be9dee20e787
Warn: containerImage not pinned by hash: devenv/docker/blocks/mssql/build/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-18.04 to mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-18.04@sha256:bf3cc5fb2abfd327c6eeaf2a021869077298511eb6ded5fabd9a1e39ebff7c30
Warn: containerImage not pinned by hash: devenv/docker/blocks/mssql_arm64/build/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/azure-sql-edge:1.0.4 to mcr.microsoft.com/azure-sql-edge:1.0.4@sha256:209a502ac7d35a8e9d5ae777bca874930950a6bf0ec4915acf23390321c576e9
Warn: containerImage not pinned by hash: devenv/docker/blocks/mssql_tls/build/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-18.04 to mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-18.04@sha256:bf3cc5fb2abfd327c6eeaf2a021869077298511eb6ded5fabd9a1e39ebff7c30
Warn: containerImage not pinned by hash: devenv/docker/blocks/multiple-openldap/admins-ldap-server.Dockerfile:3: pin your Docker image by updating debian:jessie to debian:jessie@sha256:32ad5050caffb2c7e969dac873bce2c370015c2256ff984b70c1c08b3a2816a0
Warn: containerImage not pinned by hash: devenv/docker/blocks/multiple-openldap/ldap-server.Dockerfile:3: pin your Docker image by updating debian:jessie to debian:jessie@sha256:32ad5050caffb2c7e969dac873bce2c370015c2256ff984b70c1c08b3a2816a0
Warn: containerImage not pinned by hash: devenv/docker/blocks/mysql_opendata/Dockerfile:3: pin your Docker image by updating mysql:latest to mysql:latest@sha256:0255b469f0135a0236d672d60e3154ae2f4538b146744966d96440318cc822c6
Warn: containerImage not pinned by hash: devenv/docker/blocks/mysql_tests/Dockerfile:2
Warn: containerImage not pinned by hash: devenv/docker/blocks/nginx_proxy/Dockerfile:1: pin your Docker image by updating nginx:1.19.3-alpine to nginx:1.19.3-alpine@sha256:5aa44b407756b274a600c7399418bdfb1d02c33317ae27fd5e8a333afb115db1
Warn: containerImage not pinned by hash: devenv/docker/blocks/nginx_proxy_mac/Dockerfile:1: pin your Docker image by updating nginx:1.19.3-alpine to nginx:1.19.3-alpine@sha256:5aa44b407756b274a600c7399418bdfb1d02c33317ae27fd5e8a333afb115db1
Warn: containerImage not pinned by hash: devenv/docker/blocks/openldap/Dockerfile:3: pin your Docker image by updating debian:jessie to debian:jessie@sha256:32ad5050caffb2c7e969dac873bce2c370015c2256ff984b70c1c08b3a2816a0
Warn: containerImage not pinned by hash: devenv/docker/blocks/postgres_tests/Dockerfile:2
Warn: containerImage not pinned by hash: devenv/docker/blocks/prometheus/Dockerfile:1: pin your Docker image by updating prom/prometheus:latest to prom/prometheus:latest@sha256:565ee86501224ebbb98fc10b332fa54440b100469924003359edf49cbce374bd
Warn: containerImage not pinned by hash: devenv/docker/blocks/prometheus_basic_auth_proxy/Dockerfile:1: pin your Docker image by updating nginx:1.19.3-alpine to nginx:1.19.3-alpine@sha256:5aa44b407756b274a600c7399418bdfb1d02c33317ae27fd5e8a333afb115db1
Warn: containerImage not pinned by hash: devenv/docker/blocks/prometheus_random_data/Dockerfile:4
Warn: containerImage not pinned by hash: devenv/docker/blocks/slow_proxy/Dockerfile:1
Warn: containerImage not pinned by hash: devenv/docker/blocks/smtp/Dockerfile:1: pin your Docker image by updating centos:centos7 to centos:centos7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4
Warn: containerImage not pinned by hash: devenv/docker/buildcontainer/Dockerfile:1: pin your Docker image by updating centos:6.6 to centos:6.6@sha256:32b80b90ba17ed16e9fa3430a49f53ff6de0d4c76ad8631717a1373d5921fa26
Warn: containerImage not pinned by hash: devenv/docker/debtest/Dockerfile:1: pin your Docker image by updating debian:jessie to debian:jessie@sha256:32ad5050caffb2c7e969dac873bce2c370015c2256ff984b70c1c08b3a2816a0
Warn: containerImage not pinned by hash: devenv/local-npm/conf/nginx/Dockerfile:1: pin your Docker image by updating tutum/nginx to tutum/nginx@sha256:69a727916ab40de88f66407fb0115e35b759d7c6088852d901208479bec47429
Warn: containerImage not pinned by hash: packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/Dockerfile:1: pin your Docker image by updating alpine:3.15.0 to alpine:3.15.0@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300
Warn: containerImage not pinned by hash: packages/grafana-toolkit/docker/grafana-plugin-ci-e2e/Dockerfile:1: pin your Docker image by updating debian:buster-slim to debian:buster-slim@sha256:bb3dc79fddbca7e8903248ab916bb775c96ec61014b3d02b4f06043b604726dc
Warn: containerImage not pinned by hash: packages/grafana-toolkit/docker/grafana-plugin-ci/Dockerfile:1: pin your Docker image by updating debian:testing-20210111-slim to debian:testing-20210111-slim@sha256:44be123bee11a02b547e243f7610a40f1c2e240ccdc451bbe40084609e645155
Warn: containerImage not pinned by hash: packaging/docker/Dockerfile:2
Warn: containerImage not pinned by hash: packaging/docker/Dockerfile:14
Warn: containerImage not pinned by hash: packaging/docker/custom/Dockerfile:3
Warn: containerImage not pinned by hash: packaging/docker/custom/ubuntu.Dockerfile:3
Warn: containerImage not pinned by hash: packaging/docker/ubuntu.Dockerfile:2
Warn: containerImage not pinned by hash: packaging/docker/ubuntu.Dockerfile:10
Warn: containerImage not pinned by hash: scripts/build/ci-build/Dockerfile:2
Warn: containerImage not pinned by hash: scripts/build/ci-build/Dockerfile:103: pin your Docker image by updating debian:stretch-20210208 to debian:stretch-20210208@sha256:d0b7b71db141cedc48e1c2807d12b199ffd7ffe75baf272a34c37480dc2159d1
Warn: containerImage not pinned by hash: scripts/build/ci-deploy/Dockerfile:1: pin your Docker image by updating debian:testing-20210111-slim to debian:testing-20210111-slim@sha256:44be123bee11a02b547e243f7610a40f1c2e240ccdc451bbe40084609e645155
Warn: containerImage not pinned by hash: scripts/build/ci-deploy/Dockerfile:22: pin your Docker image by updating debian:testing-20210111-slim to debian:testing-20210111-slim@sha256:44be123bee11a02b547e243f7610a40f1c2e240ccdc451bbe40084609e645155
Warn: containerImage not pinned by hash: scripts/build/ci-e2e/Dockerfile:1: pin your Docker image by updating node:12.19.0-buster-slim to node:12.19.0-buster-slim@sha256:abbfaad7758de248460d764e3b7177b2d0abc8c1b26c2895dec8afad999c01c8
Warn: containerImage not pinned by hash: scripts/build/ci-msi-build/Dockerfile:1: pin your Docker image by updating grafana/wix-toolset-ci:v3 to grafana/wix-toolset-ci:v3@sha256:7535b5c91d7c50adcae1ad49d95c629e8e3b9fe78e0d0c6f39195d0df44d274b
Warn: containerImage not pinned by hash: scripts/build/ci-wix/Dockerfile:2: pin your Docker image by updating mcr.microsoft.com/windows:1809 to mcr.microsoft.com/windows:1809@sha256:f8e1a37e5c35c3bfd54cae3cfac3195c80789aecdc32d88d72e3e9163daa9f9a
Warn: containerImage not pinned by hash: scripts/verify-repo-update/Dockerfile.deb:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b
Warn: containerImage not pinned by hash: scripts/verify-repo-update/Dockerfile.rpm:1: pin your Docker image by updating centos:7 to centos:7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4
Warn: pipCommand not pinned by hash: devenv/docker/blocks/collectd/Dockerfile:13
Warn: pipCommand not pinned by hash: scripts/build/ci-build/Dockerfile:119-151
Warn: goCommand not pinned by hash: scripts/build/ci-build/Dockerfile:177-182
Warn: goCommand not pinned by hash: scripts/build/ci-build/Dockerfile:177-182
Warn: pipCommand not pinned by hash: scripts/build/ci-deploy/Dockerfile:43-56
Warn: downloadThenRun not pinned by hash: packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/scripts/deploy.sh:55
Warn: goCommand not pinned by hash: packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/scripts/deploy.sh:59
Warn: npmCommand not pinned by hash: packages/grafana-toolkit/docker/grafana-plugin-ci-e2e/scripts/deploy.sh:22
Warn: goCommand not pinned by hash: scripts/mixin-check.sh:5
Warn: goCommand not pinned by hash: scripts/mixin-check.sh:6
Warn: npmCommand not pinned by hash: .github/workflows/backport.yml:20
Warn: npmCommand not pinned by hash: .github/workflows/bump-version.yml:82
Warn: npmCommand not pinned by hash: .github/workflows/close-milestone.yml:29
Warn: npmCommand not pinned by hash: .github/workflows/commands.yml:21
Warn: npmCommand not pinned by hash: .github/workflows/enterprise-pr-check.yml:19
Warn: npmCommand not pinned by hash: .github/workflows/github-release.yml:20
Warn: npmCommand not pinned by hash: .github/workflows/metrics-collector.yml:30
Warn: npmCommand not pinned by hash: .github/workflows/pr-checks.yml:31
Warn: npmCommand not pinned by hash: .github/workflows/pr-commands.yml:21
Warn: npmCommand not pinned by hash: .github/workflows/remove-milestone.yml:29
Warn: npmCommand not pinned by hash: .github/workflows/update-changelog.yml:31
Info: 0 out of 49 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 7 third-party GitHubAction dependencies pinned
Info: 0 out of 12 npmCommand dependencies pinned
Info: 0 out of 49 containerImage dependencies pinned
Info: 0 out of 3 pipCommand dependencies pinned
Info: 2 out of 7 goCommand dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned