Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/api-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-test.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/api-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-test.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/api-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-test.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/api-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-test.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/api-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-test.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/api-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-test.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/api-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-test.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/api-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-test.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/api-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-test.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/api-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backend.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/backend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backend.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/backend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backend.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/backend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backend.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/backend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backend.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/backend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backend.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/backend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backend.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/backend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backend.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/backend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backend.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/backend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backend.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/backend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/codeql.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/codeql.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/codeql.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/docs.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/docs.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/docs.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/docs.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/docs.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/docs.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-k8s.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/e2e-k8s.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-k8s.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/e2e-k8s.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-k8s.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/e2e-k8s.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/e2e.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/e2e.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/e2e.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/e2e.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/e2e.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/e2e.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/e2e.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/e2e.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/e2e.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/e2e.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/frontend.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/frontend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/frontend.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/frontend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/frontend.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/frontend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/frontend.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/frontend.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-robot.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/issue-robot.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mergeable.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/mergeable.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/owasp-dependency-check.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/owasp-dependency-check.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/owasp-dependency-check.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/owasp-dependency-check.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/owasp-dependency-check.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/owasp-dependency-check.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docker.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/publish-docker.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docker.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/publish-docker.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docker.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/publish-docker.yaml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker.yaml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/publish-docker.yaml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/publish-docker.yaml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/publish-docker.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-helm-chart.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/publish-helm-chart.yaml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-helm-chart.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/publish-helm-chart.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-nexus.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/publish-nexus.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-nexus.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/publish-nexus.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-nexus.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/publish-nexus.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-nexus.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/publish-nexus.yaml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request-target-robot.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/pull-request-target-robot.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request-target-robot.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/pull-request-target-robot.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/stale.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/unit-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/unit-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/unit-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/unit-test.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dolphinscheduler/unit-test.yml/dev?enable=pin
Warn: containerImage not pinned by hash: .github/workflows/cluster-test/mysql_with_mysql_registry/Dockerfile:18: pin your Docker image by updating eclipse-temurin:8-jre to eclipse-temurin:8-jre@sha256:88d91876e64b7bb5500f51e383c0657c36e9d1a0925a51645eee2ee980fbaf3a
Warn: containerImage not pinned by hash: .github/workflows/cluster-test/mysql_with_zookeeper_registry/Dockerfile:18: pin your Docker image by updating eclipse-temurin:8-jre to eclipse-temurin:8-jre@sha256:88d91876e64b7bb5500f51e383c0657c36e9d1a0925a51645eee2ee980fbaf3a
Warn: containerImage not pinned by hash: .github/workflows/cluster-test/postgresql_with_postgresql_registry/Dockerfile:18: pin your Docker image by updating eclipse-temurin:8-jre to eclipse-temurin:8-jre@sha256:88d91876e64b7bb5500f51e383c0657c36e9d1a0925a51645eee2ee980fbaf3a
Warn: containerImage not pinned by hash: .github/workflows/cluster-test/postgresql_with_zookeeper_registry/Dockerfile:18: pin your Docker image by updating eclipse-temurin:8-jre to eclipse-temurin:8-jre@sha256:88d91876e64b7bb5500f51e383c0657c36e9d1a0925a51645eee2ee980fbaf3a
Warn: containerImage not pinned by hash: dolphinscheduler-dist/src/main/docker/alert-server.dockerfile:18: pin your Docker image by updating eclipse-temurin:8-jdk to eclipse-temurin:8-jdk@sha256:074aa3b90fe103088f9cbc6a054728e85c20fb9af1398fdb4f5252a887255270
Warn: containerImage not pinned by hash: dolphinscheduler-dist/src/main/docker/api-server.dockerfile:18: pin your Docker image by updating eclipse-temurin:8-jdk to eclipse-temurin:8-jdk@sha256:074aa3b90fe103088f9cbc6a054728e85c20fb9af1398fdb4f5252a887255270
Warn: containerImage not pinned by hash: dolphinscheduler-dist/src/main/docker/master-server.dockerfile:18: pin your Docker image by updating eclipse-temurin:8-jdk to eclipse-temurin:8-jdk@sha256:074aa3b90fe103088f9cbc6a054728e85c20fb9af1398fdb4f5252a887255270
Warn: containerImage not pinned by hash: dolphinscheduler-dist/src/main/docker/standalone-server.dockerfile:18: pin your Docker image by updating eclipse-temurin:8-jdk to eclipse-temurin:8-jdk@sha256:074aa3b90fe103088f9cbc6a054728e85c20fb9af1398fdb4f5252a887255270
Warn: containerImage not pinned by hash: dolphinscheduler-dist/src/main/docker/tools.dockerfile:18: pin your Docker image by updating eclipse-temurin:8-jdk to eclipse-temurin:8-jdk@sha256:074aa3b90fe103088f9cbc6a054728e85c20fb9af1398fdb4f5252a887255270
Warn: containerImage not pinned by hash: dolphinscheduler-dist/src/main/docker/worker-server.dockerfile:18: pin your Docker image by updating eclipse-temurin:8-jdk to eclipse-temurin:8-jdk@sha256:074aa3b90fe103088f9cbc6a054728e85c20fb9af1398fdb4f5252a887255270
Warn: downloadThenRun not pinned by hash: .github/workflows/schema-check/mysql/start-job.sh:25
Warn: downloadThenRun not pinned by hash: .github/workflows/schema-check/postgresql/start-job.sh:25
Warn: npmCommand not pinned by hash: .github/workflows/docs.yml:65
Warn: downloadThenRun not pinned by hash: .github/workflows/e2e-k8s.yml:105
Warn: npmCommand not pinned by hash: .github/workflows/frontend.yml:75
Warn: downloadThenRun not pinned by hash: .github/workflows/unit-test.yml:87
Info: 0 out of 67 GitHub-owned GitHubAction dependencies pinned
Info: 7 out of 11 third-party GitHubAction dependencies pinned
Info: 0 out of 10 containerImage dependencies pinned
Info: 0 out of 4 downloadThenRun dependencies pinned
Info: 0 out of 2 npmCommand dependencies pinned