Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/coverage.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/coverage.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/coverage.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/deps.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deps.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/deps.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/lock.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/stale.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/testing.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/testing.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/testing.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-go/testing.yml/master?enable=pin
Warn: containerImage not pinned by hash: examples/features/csm_observability/client/Dockerfile:18
Warn: containerImage not pinned by hash: examples/features/csm_observability/client/Dockerfile:30: pin your Docker image by updating alpine to alpine@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: containerImage not pinned by hash: examples/features/csm_observability/server/Dockerfile:19
Warn: containerImage not pinned by hash: examples/features/csm_observability/server/Dockerfile:29: pin your Docker image by updating alpine to alpine@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: containerImage not pinned by hash: interop/observability/Dockerfile:20
Warn: containerImage not pinned by hash: interop/observability/Dockerfile:39: pin your Docker image by updating golang:1.23-bullseye to golang:1.23-bullseye@sha256:80eb3147ef40b58d527d9c2e634b1a79a750aee09de6f973844db38b33f0550b
Warn: containerImage not pinned by hash: interop/xds/client/Dockerfile:19
Warn: containerImage not pinned by hash: interop/xds/client/Dockerfile:32: pin your Docker image by updating alpine to alpine@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: containerImage not pinned by hash: interop/xds/server/Dockerfile:19
Warn: containerImage not pinned by hash: interop/xds/server/Dockerfile:32: pin your Docker image by updating alpine to alpine@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: goCommand not pinned by hash: scripts/regenerate.sh:34
Warn: goCommand not pinned by hash: scripts/vet.sh:26
Info: 0 out of 15 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 2 third-party GitHubAction dependencies pinned
Info: 0 out of 10 containerImage dependencies pinned
Info: 1 out of 3 goCommand dependencies pinned