Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:274: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:289: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:319: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:327: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:335: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:343: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:354: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:365: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:376: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:391: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:400: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:197: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:410: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/closed-issue-message.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/closed-issue-message.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/handle-stale-discussions.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/handle-stale-discussions.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/stale_issue.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-iot-device-sdk-js-v2/stale_issue.yml/main?enable=pin
Warn: npmCommand not pinned by hash: codebuild/cd/test-publish.sh:41
Warn: npmCommand not pinned by hash: codebuild/cd/test-publish.sh:42
Warn: npmCommand not pinned by hash: codebuild/cd/test-publish.sh:49
Warn: npmCommand not pinned by hash: codebuild/samples/connect-linux.sh:12
Warn: npmCommand not pinned by hash: codebuild/samples/connect-linux.sh:21
Warn: npmCommand not pinned by hash: codebuild/samples/custom-auth-linux.sh:14
Warn: npmCommand not pinned by hash: codebuild/samples/pubsub-linux.sh:12
Warn: npmCommand not pinned by hash: codebuild/samples/pubsub-linux.sh:21
Warn: npmCommand not pinned by hash: codebuild/samples/setup-linux.sh:12
Warn: npmCommand not pinned by hash: codebuild/samples/shadow-linux.sh:12
Warn: npmCommand not pinned by hash: make-docs.sh:20
Warn: npmCommand not pinned by hash: test/greengrass/basic_discovery/install.sh:5
Warn: npmCommand not pinned by hash: test/greengrass/ipc/install.sh:5
Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:132
Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:180
Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:219
Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 24 third-party GitHubAction dependencies pinned
Info: 2 out of 15 npmCommand dependencies pinned
Info: 0 out of 3 pipCommand dependencies pinned