Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/docker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:208: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/go.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/lock.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shell.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/shell.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/shell.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/gogs/gogs/shell.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:14: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Info: 0 out of 20 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 26 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned