Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chart-upload.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/chart-upload.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chart-upload.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/chart-upload.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dco.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/dco.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dco.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/dco.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-postsubmit.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-postsubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-postsubmit.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-postsubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-postsubmit.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-postsubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go-presubmit.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-presubmit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-release.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-release.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go-release.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go-release.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-release.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/open-cluster-management-io/cluster-proxy/go-release.yml/main?enable=pin
Warn: containerImage not pinned by hash: cmd/Dockerfile:2
Warn: containerImage not pinned by hash: cmd/Dockerfile:41: pin your Docker image by updating alpine:3.13 to alpine:3.13@sha256:469b6e04ee185740477efa44ed5bdd64a07bbdd6c7e5f5d169e540889597b911
Warn: downloadThenRun not pinned by hash: .github/workflows/go-presubmit.yml:99
Info: 0 out of 21 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 7 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned
Info: 2 out of 2 goCommand dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned