Warn: third-party GitHubAction not pinned by hash: .github/workflows/addToAPMProject.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/addToAPMProject.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/addToAPMProject.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/addToAPMProject.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/labeler.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/labeler.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/microbenchmark.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/microbenchmark.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updatecli.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/updatecli.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/updatecli.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/updatecli.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/updatecli.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/updatecli.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/updatecli.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/updatecli.yml/main?enable=pin
Warn: containerImage not pinned by hash: internal/tracecontexttest/Dockerfile:1: pin your Docker image by updating golang:latest to golang:latest@sha256:8c10f21bec412f08f73aa7b97ca5ac5f28a39d8a88030ad8a339fd0a781d72b4
Warn: containerImage not pinned by hash: internal/tracecontexttest/Dockerfile-harness:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: containerImage not pinned by hash: internal/tracecontexttest/Dockerfile-harness:6: pin your Docker image by updating python:3.12.5-slim-bookworm to python:3.12.5-slim-bookworm@sha256:c24c34b502635f1f7c4e99dc09a2cbd85d480b7dcfd077198c6b5af138906390
Warn: containerImage not pinned by hash: scripts/Dockerfile-sqlserver:1: pin your Docker image by updating mcr.microsoft.com/mssql/server:2022-latest to mcr.microsoft.com/mssql/server:2022-latest@sha256:d252932ef839c24c61c1139cc98f69c85ca774fa7c6bfaaa0015b7eb02b9dc87
Warn: containerImage not pinned by hash: scripts/Dockerfile-testing:2: pin your Docker image by updating golang:latest to golang:latest@sha256:8c10f21bec412f08f73aa7b97ca5ac5f28a39d8a88030ad8a339fd0a781d72b4
Warn: pipCommand not pinned by hash: internal/tracecontexttest/Dockerfile-harness:7
Warn: goCommand not pinned by hash: scripts/ci/setenv.sh:48
Warn: goCommand not pinned by hash: scripts/ci/setenv.sh:49
Warn: goCommand not pinned by hash: scripts/ci/setenv.sh:50
Info: 0 out of 16 GitHub-owned GitHubAction dependencies pinned
Info: 4 out of 12 third-party GitHubAction dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned
Info: 0 out of 3 goCommand dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned