Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code_verify.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/code_verify.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code_verify.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/code_verify.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code_verify.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/code_verify.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_parallel_jobs.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_parallel_jobs.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_parallel_jobs.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_parallel_jobs.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_parallel_jobs.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_parallel_jobs.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_parallel_jobs.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_parallel_jobs.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_scheduling_actions.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_scheduling_actions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_scheduling_actions.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_scheduling_actions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_scheduling_actions.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_scheduling_actions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_scheduling_actions.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_scheduling_actions.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_scheduling_basic.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_scheduling_basic.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_scheduling_basic.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_scheduling_basic.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_scheduling_basic.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_scheduling_basic.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_scheduling_basic.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_scheduling_basic.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_sequence.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_sequence.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_sequence.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_sequence.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_sequence.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_sequence.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_sequence.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_sequence.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e_spark.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_spark.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_spark.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_spark.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_spark.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_spark.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_spark.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_spark.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_spark.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_spark.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_spark.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_spark.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_spark.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_spark.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e_spark.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_spark.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_spark.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_spark.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_vcctl.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_vcctl.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_vcctl.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_vcctl.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_vcctl.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_vcctl.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e_vcctl.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/e2e_vcctl.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fossa.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/fossa.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fossa.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/fossa.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/licenses_lint.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/licenses_lint.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/licenses_lint.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/licenses_lint.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/release.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release_chart.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/release_chart.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release_chart.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/release_chart.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release_chart.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/release_chart.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecards.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/scorecards.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/workflows-approve.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/workflows-approve.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/workflows-approve.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/volcano-sh/volcano/workflows-approve.yaml/master?enable=pin
Warn: containerImage not pinned by hash: example/custom-plugin/Dockerfile:1: pin your Docker image by updating volcanosh/vc-scheduler:latest to volcanosh/vc-scheduler:latest@sha256:fcba3a9af549140bcb1a3ff394ac00769a6b57d4b66fd8481eded3c778cd7579
Warn: containerImage not pinned by hash: example/integrations/mpi/Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97
Warn: containerImage not pinned by hash: example/integrations/mxnet/train/Dockerfile:1
Warn: containerImage not pinned by hash: example/integrations/tensorflow/benchmark/Dockerfile:6: pin your Docker image by updating python:2.7 to python:2.7@sha256:cfa62318c459b1fde9e0841c619906d15ada5910d625176e24bf692cf8a2601d
Warn: containerImage not pinned by hash: installer/dockerfile/agent/Dockerfile:18
Warn: containerImage not pinned by hash: installer/dockerfile/agent/Dockerfile:25
Warn: containerImage not pinned by hash: installer/dockerfile/agent/Dockerfile:31: pin your Docker image by updating alpine:latest to alpine:latest@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: containerImage not pinned by hash: installer/dockerfile/controller-manager/Dockerfile:15
Warn: containerImage not pinned by hash: installer/dockerfile/controller-manager/Dockerfile:22: pin your Docker image by updating alpine:latest to alpine:latest@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: containerImage not pinned by hash: installer/dockerfile/scheduler/Dockerfile:15
Warn: containerImage not pinned by hash: installer/dockerfile/scheduler/Dockerfile:22: pin your Docker image by updating alpine:latest to alpine:latest@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: containerImage not pinned by hash: installer/dockerfile/webhook-manager/Dockerfile:15
Warn: containerImage not pinned by hash: installer/dockerfile/webhook-manager/Dockerfile:22: pin your Docker image by updating alpine:latest to alpine:latest@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: pipCommand not pinned by hash: example/integrations/tensorflow/benchmark/Dockerfile:12-13
Warn: goCommand not pinned by hash: hack/generate-groups.sh:53
Warn: goCommand not pinned by hash: hack/generate-groups.sh:54
Warn: goCommand not pinned by hash: hack/generate-internal-groups.sh:54
Warn: goCommand not pinned by hash: hack/lib/install.sh:97
Warn: goCommand not pinned by hash: hack/local-up-cluster.sh:41
Warn: downloadThenRun not pinned by hash: hack/verify-golangci-lint.sh:30
Warn: downloadThenRun not pinned by hash: .github/workflows/fossa.yml:26
Info: 2 out of 48 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 5 third-party GitHubAction dependencies pinned
Info: 0 out of 13 containerImage dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned
Info: 6 out of 11 goCommand dependencies pinned
Info: 0 out of 2 downloadThenRun dependencies pinned