Warn: third-party GitHubAction not pinned by hash: .github/workflows/assign_issue.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/assign_issue.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backport.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/backport.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/backport.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/backport.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_docker.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_docker.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_docker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_docker.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_docker.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_docker.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_docker.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_docker.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_docker.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_docker.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_docker.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_docker.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_release.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_release.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_release.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_release.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_release.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_release.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_release.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_release.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:191: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_test.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_test.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_test.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:263: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:290: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:293: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_test.yml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_test.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/build_test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/translate_issues.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/gorse-io/gorse/translate_issues.yml/master?enable=pin
Warn: containerImage not pinned by hash: cmd/gorse-in-one/Dockerfile:4: pin your Docker image by updating golang:1.23 to golang:1.23@sha256:8c10f21bec412f08f73aa7b97ca5ac5f28a39d8a88030ad8a339fd0a781d72b4
Warn: containerImage not pinned by hash: cmd/gorse-in-one/Dockerfile.windows:4: pin your Docker image by updating golang:1.23 to golang:1.23@sha256:8c10f21bec412f08f73aa7b97ca5ac5f28a39d8a88030ad8a339fd0a781d72b4
Warn: containerImage not pinned by hash: cmd/gorse-in-one/Dockerfile.windows:22: pin your Docker image by updating mcr.microsoft.com/windows/servercore:ltsc2022 to mcr.microsoft.com/windows/servercore:ltsc2022@sha256:a7faef3c463f53996b00abff1cad6e979c75230bf9a55fdce77fe99c764971a5
Warn: containerImage not pinned by hash: cmd/gorse-master/Dockerfile:6: pin your Docker image by updating golang:1.23 to golang:1.23@sha256:8c10f21bec412f08f73aa7b97ca5ac5f28a39d8a88030ad8a339fd0a781d72b4
Warn: containerImage not pinned by hash: cmd/gorse-master/Dockerfile.windows:4: pin your Docker image by updating golang:1.23 to golang:1.23@sha256:8c10f21bec412f08f73aa7b97ca5ac5f28a39d8a88030ad8a339fd0a781d72b4
Warn: containerImage not pinned by hash: cmd/gorse-master/Dockerfile.windows:22: pin your Docker image by updating mcr.microsoft.com/windows/servercore:ltsc2022 to mcr.microsoft.com/windows/servercore:ltsc2022@sha256:a7faef3c463f53996b00abff1cad6e979c75230bf9a55fdce77fe99c764971a5
Warn: containerImage not pinned by hash: cmd/gorse-server/Dockerfile:6: pin your Docker image by updating golang:1.23 to golang:1.23@sha256:8c10f21bec412f08f73aa7b97ca5ac5f28a39d8a88030ad8a339fd0a781d72b4
Warn: containerImage not pinned by hash: cmd/gorse-server/Dockerfile.windows:4: pin your Docker image by updating golang:1.23 to golang:1.23@sha256:8c10f21bec412f08f73aa7b97ca5ac5f28a39d8a88030ad8a339fd0a781d72b4
Warn: containerImage not pinned by hash: cmd/gorse-server/Dockerfile.windows:22: pin your Docker image by updating mcr.microsoft.com/windows/servercore:ltsc2022 to mcr.microsoft.com/windows/servercore:ltsc2022@sha256:a7faef3c463f53996b00abff1cad6e979c75230bf9a55fdce77fe99c764971a5
Warn: containerImage not pinned by hash: cmd/gorse-worker/Dockerfile:6: pin your Docker image by updating golang:1.23 to golang:1.23@sha256:8c10f21bec412f08f73aa7b97ca5ac5f28a39d8a88030ad8a339fd0a781d72b4
Warn: containerImage not pinned by hash: cmd/gorse-worker/Dockerfile.windows:4: pin your Docker image by updating golang:1.23 to golang:1.23@sha256:8c10f21bec412f08f73aa7b97ca5ac5f28a39d8a88030ad8a339fd0a781d72b4
Warn: containerImage not pinned by hash: cmd/gorse-worker/Dockerfile.windows:22: pin your Docker image by updating mcr.microsoft.com/windows/servercore:ltsc2022 to mcr.microsoft.com/windows/servercore:ltsc2022@sha256:a7faef3c463f53996b00abff1cad6e979c75230bf9a55fdce77fe99c764971a5
Warn: goCommand not pinned by hash: .github/workflows/build_release.yml:23
Warn: downloadThenRun not pinned by hash: .github/workflows/build_test.yml:113
Info: 0 out of 19 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 19 third-party GitHubAction dependencies pinned
Info: 0 out of 12 containerImage dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned