Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-build.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-build.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-build.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-build.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-build.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-build.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-deploy.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-deploy.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-deploy.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-deploy.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-deploy.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-deploy.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-deploy.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-deploy.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-deploy.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-deploy.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-deploy.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-deploy.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-deploy.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-deploy.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-deploy.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-deploy.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-deploy.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-deploy.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-deploy.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-deploy.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-pr-reports.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr-reports.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-pr-reports.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr-reports.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:229: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-pr.yml:234: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-pr.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-4.2.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-4.2.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release-5.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release-5.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/ci-release.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/codeql-analysis.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/codeql-analysis.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/codeql-analysis.yml/4.1?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/netty/netty/codeql-analysis.yml/4.1?enable=pin
Warn: containerImage not pinned by hash: .devcontainer/alpine/Dockerfile:3: pin your Docker image by updating mcr.microsoft.com/devcontainers/base:alpine-3.18 to mcr.microsoft.com/devcontainers/base:alpine-3.18@sha256:d770a9433fa9dfd592dad904a08ab488ebc4600278de83c428d04668e363f4b3
Warn: containerImage not pinned by hash: .devcontainer/ubuntu/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/devcontainers/base:ubuntu to mcr.microsoft.com/devcontainers/base:ubuntu@sha256:8e6762ffc190e651180923b40a157c8dc21e2b1eb4438369860eee749b30f3cb
Warn: containerImage not pinned by hash: docker/Dockerfile.centos6:1: pin your Docker image by updating centos:6.10 to centos:6.10@sha256:abc8bec96842a07c03274d3f1549bd37ec5dbfb0e36dcdfc31d70b1ad3281431
Warn: containerImage not pinned by hash: docker/Dockerfile.cross_compile_aarch64:1: pin your Docker image by updating centos:7.6.1810 to centos:7.6.1810@sha256:62d9e1c2daa91166139b51577fe4f4f6b4cc41a3a2c7fc36bd895e2a17a3e4e6
Warn: containerImage not pinned by hash: docker/Dockerfile.cross_compile_riscv64:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b
Warn: downloadThenRun not pinned by hash: docker/Dockerfile.centos6:25
Info: 0 out of 72 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 19 third-party GitHubAction dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned