Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:367: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:376: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:390: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:405: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:429: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:452: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:473: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:482: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:500: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:563: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:565: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:569: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:582: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:588: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:594: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:600: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:606: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:632: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:526: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:535: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:238: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:256: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:291: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:328: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:354: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cmake.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/cmake.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/pypi.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/pypi.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/pypi.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release_rust.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/thrift/release_rust.yml/master?enable=pin
Warn: containerImage not pinned by hash: build/docker/msvc2017/Dockerfile:16
Warn: containerImage not pinned by hash: build/docker/ubuntu-focal/Dockerfile:18: pin your Docker image by updating buildpack-deps:focal-scm to buildpack-deps:focal-scm@sha256:5308dfd69986e614671317b78b8ad45eb8bcb97f72afad03eb557428a11526e1
Warn: containerImage not pinned by hash: build/docker/ubuntu-jammy/Dockerfile:18: pin your Docker image by updating buildpack-deps:jammy-scm to buildpack-deps:jammy-scm@sha256:65b6be032f9d7e64ea541e00e48c71bd961be04741c6d688f33218ab031a9f9c
Warn: chocoCommand not pinned by hash: build/docker/msvc2017/Dockerfile:51
Warn: chocoCommand not pinned by hash: build/docker/msvc2017/Dockerfile:54
Warn: chocoCommand not pinned by hash: build/docker/msvc2017/Dockerfile:84
Warn: chocoCommand not pinned by hash: build/docker/msvc2017/Dockerfile:87
Warn: downloadThenRun not pinned by hash: build/docker/ubuntu-focal/Dockerfile:275-276
Warn: pipCommand not pinned by hash: build/docker/ubuntu-focal/Dockerfile:303-307
Warn: downloadThenRun not pinned by hash: build/docker/ubuntu-jammy/Dockerfile:274-275
Warn: pipCommand not pinned by hash: build/docker/ubuntu-jammy/Dockerfile:302-306
Warn: goCommand not pinned by hash: test/go/genmock.sh:7
Warn: pipCommand not pinned by hash: .github/workflows/build.yml:488
Warn: downloadThenRun not pinned by hash: .github/workflows/build.yml:414
Info: 0 out of 41 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 2 third-party GitHubAction dependencies pinned
Info: 0 out of 3 pipCommand dependencies pinned
Info: 0 out of 1 goCommand dependencies pinned
Info: 0 out of 3 containerImage dependencies pinned
Info: 0 out of 4 chocoCommand dependencies pinned
Info: 0 out of 3 downloadThenRun dependencies pinned