Warn: third-party GitHubAction not pinned by hash: .github/workflows/addToAPMProject.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/addToAPMProject.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/addToAPMProject.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/addToAPMProject.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/labeler.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/labeler.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/microbenchmark.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/microbenchmark.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updatecli.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/updatecli.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/updatecli.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/updatecli.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/updatecli.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/updatecli.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/updatecli.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-go/updatecli.yml/main?enable=pin
Warn: containerImage not pinned by hash: internal/tracecontexttest/Dockerfile:1: pin your Docker image by updating golang:latest to golang:latest@sha256:f06d2bb355a67ccc6c23f3699766323a09ed0a4b724a6b25a300d4b30e01f02c
Warn: containerImage not pinned by hash: internal/tracecontexttest/Dockerfile-harness:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: internal/tracecontexttest/Dockerfile-harness:6: pin your Docker image by updating python:3.12.5-slim-bookworm to python:3.12.5-slim-bookworm@sha256:c24c34b502635f1f7c4e99dc09a2cbd85d480b7dcfd077198c6b5af138906390
Warn: containerImage not pinned by hash: scripts/Dockerfile-sqlserver:1: pin your Docker image by updating mcr.microsoft.com/mssql/server:2022-latest to mcr.microsoft.com/mssql/server:2022-latest@sha256:45a1a9d13ca5574cf8e0fe4ae73ab77248b66d9c3132ac9658fb6c16dd72a8af
Warn: containerImage not pinned by hash: scripts/Dockerfile-testing:2: pin your Docker image by updating golang:latest to golang:latest@sha256:f06d2bb355a67ccc6c23f3699766323a09ed0a4b724a6b25a300d4b30e01f02c
Warn: pipCommand not pinned by hash: internal/tracecontexttest/Dockerfile-harness:7
Warn: goCommand not pinned by hash: scripts/ci/setenv.sh:48
Warn: goCommand not pinned by hash: scripts/ci/setenv.sh:49
Warn: goCommand not pinned by hash: scripts/ci/setenv.sh:50
Info: 0 out of 16 GitHub-owned GitHubAction dependencies pinned
Info: 4 out of 12 third-party GitHubAction dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned
Info: 0 out of 3 goCommand dependencies pinned