Info: Possibly incomplete results: error parsing shell code: invalid parameter name: integration/client-cli/admin-cli/src/main/bin/kcadm.sh:0
Info: Possibly incomplete results: error parsing shell code: invalid parameter name: integration/client-cli/admin-cli/src/main/bin/kcreg.sh:0
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aurora-delete.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/aurora-delete.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1060: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:753: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:787: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:820: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:855: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:941: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1018: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1113: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:234: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:332: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:417: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:448: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:464: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:381: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:899: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1076: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:286: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:500: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:597: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:640: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:673: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:980: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:993: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/documentation.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/documentation.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/documentation.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/documentation.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/documentation.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/guides.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/guides.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/guides.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/guides.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/guides.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/guides.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-ci.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-ci.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:247: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-ci.yml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:282: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:288: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:310: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/label.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/quarkus-next.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/quarkus-next.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snyk-analysis.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/snyk-analysis.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/snyk-analysis.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/snyk-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snyk-analysis.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/snyk-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snyk-analysis.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/snyk-analysis.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/trivy-analysis.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/trivy-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy-analysis.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/trivy-analysis.yml/main?enable=pin
Warn: containerImage not pinned by hash: operator/Dockerfile:1
Warn: containerImage not pinned by hash: operator/Dockerfile:6: pin your Docker image by updating registry.access.redhat.com/ubi9-micro to registry.access.redhat.com/ubi9-micro@sha256:f6e0a71b7e0875b54ea559c2e0a6478703268a8d4b8bdcf5d911d0dae76aef51
Warn: containerImage not pinned by hash: operator/scripts/Dockerfile-custom-image:3
Warn: containerImage not pinned by hash: quarkus/container/Dockerfile:1
Warn: containerImage not pinned by hash: quarkus/container/Dockerfile:22: pin your Docker image by updating registry.access.redhat.com/ubi9-micro to registry.access.redhat.com/ubi9-micro@sha256:f6e0a71b7e0875b54ea559c2e0a6478703268a8d4b8bdcf5d911d0dae76aef51
Warn: pipCommand not pinned by hash: .github/scripts/ansible/aws_ec2.sh:16
Info: 0 out of 80 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 9 third-party GitHubAction dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned