Info: Possibly incomplete results: error parsing shell code: "}" can only be used to close a block: .github/workflows/windows.yaml:26
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codespell.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/codespell.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/codespell.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/codespell.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/darwin.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/darwin.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/darwin.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/darwin.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/linux.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/linux.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pluto.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/pluto.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pluto.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/pluto.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shellcheck.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/shellcheck.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/shellcheck.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/shellcheck.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/static.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/static.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/static.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/static.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/static.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/static.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/trivy.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/trivy.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/trivy.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/trivy.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/windows.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/azurefile-csi-driver/windows.yaml/master?enable=pin
Warn: containerImage not pinned by hash: pkg/azurefileplugin/Dockerfile:17
Warn: containerImage not pinned by hash: pkg/azurefileplugin/Dockerfile:19
Warn: containerImage not pinned by hash: pkg/azurefileplugin/Dockerfile:28
Warn: containerImage not pinned by hash: pkg/azurefileplugin/Windows.Dockerfile:3
Warn: containerImage not pinned by hash: pkg/azurefileplugin/Windows.Dockerfile:5
Warn: containerImage not pinned by hash: pkg/azurefileplugin/WindowsHostProcess.Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0 to mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b
Warn: downloadThenRun not pinned by hash: hack/verify-golint.sh:21
Warn: downloadThenRun not pinned by hash: hack/verify-helm-chart.sh:42
Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10
Warn: goCommand not pinned by hash: .github/workflows/linux.yaml:32
Info: 0 out of 17 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 5 third-party GitHubAction dependencies pinned
Info: 0 out of 6 containerImage dependencies pinned
Info: 2 out of 4 goCommand dependencies pinned
Info: 0 out of 2 downloadThenRun dependencies pinned
Info: 1 out of 1 pipCommand dependencies pinned