Info: Possibly incomplete results: error parsing shell code: (( can only be used to open an arithmetic cmd: hack/toolbox/Dockerfile.windows:17
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/baseimages.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/baseimages.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/baseimages.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/baseimages.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/codeql.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/codeql.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/codeql.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/codeql.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/codeql.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/crdgen.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/crdgen.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/crdgen.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/crdgen.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cyclonus-netpol-extended-nightly-test.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/cyclonus-netpol-extended-nightly-test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cyclonus-netpol-extended-nightly-test.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/cyclonus-netpol-extended-nightly-test.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cyclonus-netpol-extended-nightly-test.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/cyclonus-netpol-extended-nightly-test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cyclonus-netpol-extended-nightly-test.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/cyclonus-netpol-extended-nightly-test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cyclonus-netpol-test.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/cyclonus-netpol-test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cyclonus-netpol-test.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/cyclonus-netpol-test.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cyclonus-netpol-test.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/cyclonus-netpol-test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cyclonus-netpol-test.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/cyclonus-netpol-test.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/golangci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/golangci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/golangci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-container-networking/stale.yaml/master?enable=pin
Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:2
Warn: containerImage not pinned by hash: .pipelines/build/dockerfiles/ipv6-hp-bpf.Dockerfile:4
Warn: containerImage not pinned by hash: .pipelines/build/dockerfiles/npm.Dockerfile:16
Warn: containerImage not pinned by hash: bpf-prog/ipv6-hp-bpf/linux.Dockerfile:42
Warn: containerImage not pinned by hash: cni/telemetry/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/oss/mirror/docker.io/library/ubuntu:20.04 to mcr.microsoft.com/oss/mirror/docker.io/library/ubuntu:20.04@sha256:fd92c36d3cb9b1d027c4d2a72c6bf0125da82425fc2ca37c414d4f010180dc19
Warn: containerImage not pinned by hash: hack/toolbox/Dockerfile.windows:2
Warn: containerImage not pinned by hash: hack/toolbox/Dockerfile.windows:14: pin your Docker image by updating mcr.microsoft.com/windows/servercore:ltsc2022 to mcr.microsoft.com/windows/servercore:ltsc2022@sha256:c489e1737a833a111f0f35b28257b1071d30b6db6b9ee50e88b7c08b901efc67
Warn: containerImage not pinned by hash: hack/toolbox/manifests/Dockerfile.heavy:1: pin your Docker image by updating mcr.microsoft.com/oss/mirror/docker.io/library/ubuntu:20.04 to mcr.microsoft.com/oss/mirror/docker.io/library/ubuntu:20.04@sha256:fd92c36d3cb9b1d027c4d2a72c6bf0125da82425fc2ca37c414d4f010180dc19
Warn: containerImage not pinned by hash: hack/toolbox/server/Dockerfile.heavy:1
Warn: containerImage not pinned by hash: hack/toolbox/server/Dockerfile.heavy:6: pin your Docker image by updating mcr.microsoft.com/mirror/docker/library/ubuntu:22.04 to mcr.microsoft.com/mirror/docker/library/ubuntu:22.04@sha256:3c61d3759c2639d4b836d32a2d3c83fa0214e36f195a3421018dbaaf79cbe37f
Warn: containerImage not pinned by hash: hack/toolbox/server/Dockerfile.lite:1
Warn: containerImage not pinned by hash: npm/linux.Dockerfile:1
Warn: containerImage not pinned by hash: npm/linux.Dockerfile:9
Warn: containerImage not pinned by hash: npm/windows.Dockerfile:2
Warn: containerImage not pinned by hash: tools/acncli/Dockerfile:1
Warn: chocoCommand not pinned by hash: hack/toolbox/Dockerfile.windows:19
Warn: goCommand not pinned by hash: scripts/install-protoc.sh:34
Warn: goCommand not pinned by hash: scripts/install-protoc.sh:42
Info: 0 out of 18 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 3 third-party GitHubAction dependencies pinned
Info: 0 out of 1 chocoCommand dependencies pinned
Info: 0 out of 2 goCommand dependencies pinned
Info: 31 out of 46 containerImage dependencies pinned