Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-core.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-core.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-core.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-core.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-events-sdk-transformer.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-events-sdk-transformer.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-events-sdk-transformer.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-events-sdk-transformer.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-events.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-events.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-events.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-events.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-log4j2.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-log4j2.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-log4j2.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-log4j2.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-profiler.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-profiler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-profiler.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-profiler.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-profiler.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-profiler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-profiler.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-profiler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-serialization.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-serialization.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-serialization.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-serialization.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-tests.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws-lambda-java-tests.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/aws-lambda-java-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/repo-sync.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/repo-sync.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/repo-sync.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/repo-sync.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/repo-sync.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/repo-sync.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_merge_to_main.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_merge_to_main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_merge_to_main.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_merge_to_main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_merge_to_main.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_merge_to_main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_merge_to_main.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_merge_to_main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_merge_to_main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_merge_to_main.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_merge_to_main.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_merge_to_main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_pr.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_pr.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_pr.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_pr.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_pr.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_pr.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_pr.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_pr.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_pr.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_pr.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime-interface-client_pr.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/runtime-interface-client_pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/samples.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/samples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/samples.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/samples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/samples.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/samples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/samples.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/samples.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/samples.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-lambda-java-libs/samples.yml/main?enable=pin
Warn: containerImage not pinned by hash: aws-lambda-java-runtime-interface-client/src/main/jni/Dockerfile.glibc:1: pin your Docker image by updating public.ecr.aws/amazonlinux/amazonlinux:2 to public.ecr.aws/amazonlinux/amazonlinux:2@sha256:bf4d96f155dff2ebf31ad98a503ee48609e0b883a728c5be75c7fb1b86b5f334
Warn: containerImage not pinned by hash: aws-lambda-java-runtime-interface-client/src/main/jni/Dockerfile.musl:1: pin your Docker image by updating public.ecr.aws/docker/library/alpine:3 to public.ecr.aws/docker/library/alpine:3@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: aws-lambda-java-runtime-interface-client/src/main/jni/deps/aws-lambda-cpp-0.2.7/examples/Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: containerImage not pinned by hash: aws-lambda-java-runtime-interface-client/test/integration/codebuild-local/Dockerfile.agent:1: pin your Docker image by updating public.ecr.aws/amazoncorretto/amazoncorretto:8 to public.ecr.aws/amazoncorretto/amazoncorretto:8@sha256:ab16b4999b16c4beff11cc8712a16e99586c22206e0c40a104ee785076b2dc8f
Warn: containerImage not pinned by hash: aws-lambda-java-runtime-interface-client/test/integration/docker/Dockerfile.function.alpine:3
Warn: containerImage not pinned by hash: aws-lambda-java-runtime-interface-client/test/integration/docker/Dockerfile.function.amazoncorretto:3
Warn: containerImage not pinned by hash: aws-lambda-java-runtime-interface-client/test/integration/docker/Dockerfile.function.amazonlinux:3
Warn: containerImage not pinned by hash: aws-lambda-java-runtime-interface-client/test/integration/docker/Dockerfile.function.centos:3
Warn: containerImage not pinned by hash: aws-lambda-java-runtime-interface-client/test/integration/docker/Dockerfile.function.debian:3
Warn: containerImage not pinned by hash: aws-lambda-java-runtime-interface-client/test/integration/docker/Dockerfile.function.debian:12
Warn: containerImage not pinned by hash: aws-lambda-java-runtime-interface-client/test/integration/docker/Dockerfile.function.ubuntu:3
Warn: containerImage not pinned by hash: aws-lambda-java-runtime-interface-client/test/integration/docker/Dockerfile.function.ubuntu:13
Info: 0 out of 27 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 11 third-party GitHubAction dependencies pinned
Info: 0 out of 12 containerImage dependencies pinned