Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/actions_build.yml:62
Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/actions_build.yml:97
Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/actions_build.yml:116
Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/actions_build.yml:158
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions_build.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions_build.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions_build.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/actions_build.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions_build.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/actions_build.yml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions_build.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions_build.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions_build.yml:229: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/actions_build.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions_build.yml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions_build.yml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/actions_build.yml:261: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions_build.yml:273: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions_build.yml:277: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/actions_build.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/actions_build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-chaos-tests.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/e2e-chaos-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-chaos-tests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/e2e-chaos-tests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-chaos-tests.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/e2e-chaos-tests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-chaos-tests.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/e2e-chaos-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gradle-cache-check.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/gradle-cache-check.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/gradle-cache-check.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/gradle-cache-check.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/gradle-cache-check.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/gradle-cache-check.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/gradle-cache-check.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/gradle-cache-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gradle-enterprise-postjob.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/gradle-enterprise-postjob.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gradle-enterprise-postjob.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/gradle-enterprise-postjob.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/gradle-enterprise-postjob.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/gradle-enterprise-postjob.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/gradle-enterprise-postjob.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/gradle-enterprise-postjob.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gradle-enterprise-postjob.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/gradle-enterprise-postjob.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-stale.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/pr-stale.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/public-suffixes.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/public-suffixes.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/public-suffixes.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/public-suffixes.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/public-suffixes.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/public-suffixes.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/public-suffixes.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/public-suffixes.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/public-suffixes.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/public-suffixes.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/publish-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/publish-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/publish-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/publish-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-site.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/publish-site.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-site.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/publish-site.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-site.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/publish-site.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-site.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/publish-site.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag-new-release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/tag-new-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag-new-release.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/tag-new-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag-new-release.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/tag-new-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag-new-release.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/line/armeria/tag-new-release.yml/main?enable=pin
Warn: containerImage not pinned by hash: gradle/scripts/lib/thrift/dockerfile/Dockerfile.bionic:3
Warn: containerImage not pinned by hash: gradle/scripts/lib/thrift/dockerfile/Dockerfile.bionic:44: pin your Docker image by updating ubuntu:bionic to ubuntu:bionic@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98
Warn: containerImage not pinned by hash: gradle/scripts/lib/thrift/dockerfile/Dockerfile.centos7:4
Warn: containerImage not pinned by hash: gradle/scripts/lib/thrift/dockerfile/Dockerfile.centos7:45: pin your Docker image by updating centos:centos7 to centos:centos7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4
Warn: containerImage not pinned by hash: gradle/scripts/lib/thrift/dockerfile/Dockerfile.trusty:3
Warn: containerImage not pinned by hash: gradle/scripts/lib/thrift/dockerfile/Dockerfile.trusty:44: pin your Docker image by updating ubuntu:trusty to ubuntu:trusty@sha256:64483f3496c1373bfd55348e88694d1c4d0c9b660dee6bfef5e12f43b9933b30
Warn: downloadThenRun not pinned by hash: .github/workflows/e2e-chaos-tests.yml:42
Info: 0 out of 27 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 20 third-party GitHubAction dependencies pinned
Info: 2 out of 2 npmCommand dependencies pinned
Info: 0 out of 6 containerImage dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned