Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-docs.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-docs.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-docs.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-docs.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-go.yaml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-go.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-md.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-md.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-md.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-md.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-md.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-md.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-md.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/ci-md.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/pr.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-evm.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/release-evm.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-evm.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/release-evm.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-evm.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/release-evm.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-evm.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/release-evm.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-evm.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/release-evm.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-evm.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/release-evm.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-nakama.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/release-nakama.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-nakama.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/release-nakama.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-nakama.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/release-nakama.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-nakama.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/release-nakama.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-nakama.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/release-nakama.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-nakama.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/release-nakama.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-nakama.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/Argus-Labs/world-engine/release-nakama.yaml/main?enable=pin
Warn: containerImage not pinned by hash: e2e/testgames/game/Dockerfile:4
Warn: containerImage not pinned by hash: e2e/testgames/game/Dockerfile:27
Warn: containerImage not pinned by hash: e2e/testgames/game/Dockerfile:38
Warn: containerImage not pinned by hash: e2e/testgames/gamebenchmark/Dockerfile:1: pin your Docker image by updating golang:1.22 to golang:1.22@sha256:1a6e657ab55c424c837bd3f18289092caca0a106bcd114a8997b1d7fc81565b0
Warn: containerImage not pinned by hash: e2e/tests/bench/Dockerfile:1: pin your Docker image by updating golang:1.22 to golang:1.22@sha256:1a6e657ab55c424c837bd3f18289092caca0a106bcd114a8997b1d7fc81565b0
Warn: containerImage not pinned by hash: e2e/tests/nakama/Dockerfile:1: pin your Docker image by updating golang:1.22 to golang:1.22@sha256:1a6e657ab55c424c837bd3f18289092caca0a106bcd114a8997b1d7fc81565b0
Warn: containerImage not pinned by hash: evm/Dockerfile:4
Warn: containerImage not pinned by hash: evm/Dockerfile:24
Warn: containerImage not pinned by hash: relay/nakama/Dockerfile:1
Warn: containerImage not pinned by hash: relay/nakama/Dockerfile:15
Warn: containerImage not pinned by hash: relay/nakama/Dockerfile:29
Warn: containerImage not pinned by hash: relay/nakama/Dockerfile:38
Warn: goCommand not pinned by hash: e2e/testgames/game/Dockerfile:41
Warn: goCommand not pinned by hash: evm/proto/proto_generate_pulsar.sh:28
Warn: goCommand not pinned by hash: evm/proto/proto_generate_pulsar.sh:29
Warn: npmCommand not pinned by hash: .github/workflows/ci-docs.yaml:26
Warn: npmCommand not pinned by hash: .github/workflows/ci-md.yaml:27
Info: 0 out of 14 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 22 third-party GitHubAction dependencies pinned
Info: 0 out of 12 containerImage dependencies pinned
Info: 0 out of 3 goCommand dependencies pinned
Info: 0 out of 2 npmCommand dependencies pinned