GitHub

intel/zephyr

35 forks

55 stars

Homepage

https://github.com/intel/zephyr

Project metadata as of June 1, 2025.

OpenSSF scorecard

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

View information about checks and how to fix failures.

Score

5.2/10

Scorecard as of June 2, 2025.

Code-Review

0/10

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

Reasoning

Found 0/27 approved changesets -- score normalized to 0

Maintained

0/10

Determines if the project is "actively maintained".

Reasoning

0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0

CII-Best-Practices

0/10

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

Reasoning

no effort to earn an OpenSSF best practices badge detected

License

10/10

Determines if the project has defined a license.

Reasoning

license file detected

Dangerous-Workflow

10/10

Determines if the project's GitHub Action workflows avoid dangerous patterns.

Reasoning

no dangerous workflow patterns detected

Security-Policy

10/10

Determines if the project has published a security policy.

Reasoning

security policy file detected

Token-Permissions

10/10

Determines if the project's workflows follow the principle of least privilege.

Reasoning

GitHub workflow tokens follow principle of least privilege

SAST

0/10

Determines if the project uses static code analysis.

Reasoning

SAST tool is not run on all commits -- score normalized to 0

Vulnerabilities

0/10

Determines if the project has open, known unfixed vulnerabilities.

Reasoning

66 existing vulnerabilities detected

Fuzzing

10/10

Determines if the project uses fuzzing.

Reasoning

project is fuzzed

Binary-Artifacts

10/10

Determines if the project has generated executable (binary) artifacts in the source repository.

Reasoning

no binaries found in the repo

Pinned-Dependencies

0/10

Determines if the project has declared and pinned the dependencies of its build process.

Reasoning

dependency not pinned by hash detected -- score normalized to 0

This site uses cookies from Google to deliver its services and to analyze traffic.

Token-Permissions

Info: topLevel permissions set to 'read-all': .github/workflows/assigner.yml:14

Info: topLevel permissions set to 'read-all': .github/workflows/backport.yml:10

Info: topLevel permissions set to 'read-all': .github/workflows/backport_issue_check.yml:8

Info: topLevel permissions set to 'read-all': .github/workflows/bluetooth-tests-publish.yaml:9

Info: topLevel permissions set to 'read-all': .github/workflows/bluetooth-tests.yaml:14

Info: topLevel permissions set to 'read-all': .github/workflows/bug_snapshot.yaml:16

Info: topLevel permissions set to 'read-all': .github/workflows/codecov.yaml:7

Info: topLevel permissions set to 'read-all': .github/workflows/coding_guidelines.yml:5

Info: topLevel permissions set to 'read-all': .github/workflows/compliance.yml:5

Info: topLevel permissions set to 'read-all': .github/workflows/daily_test_version.yml:13

Info: topLevel permissions set to 'read-all': .github/workflows/devicetree_checks.yml:23

Info: topLevel permissions set to 'read-all': .github/workflows/do_not_merge.yml:7

Info: topLevel permissions set to 'read-all': .github/workflows/doc-build.yml:27

Info: topLevel permissions set to 'read-all': .github/workflows/doc-publish-pr.yml:13

Info: topLevel permissions set to 'read-all': .github/workflows/doc-publish.yml:16

Info: topLevel permissions set to 'read-all': .github/workflows/errno.yml:9

Info: topLevel permissions set to 'read-all': .github/workflows/footprint-tracking.yml:16

Info: topLevel permissions set to 'read-all': .github/workflows/footprint.yml:5

Info: topLevel permissions set to 'read-all': .github/workflows/issue_count.yml:7

Info: topLevel permissions set to 'read-all': .github/workflows/license_check.yml:5

Info: topLevel permissions set to 'read-all': .github/workflows/release.yml:9

Info: topLevel permissions set to 'read-all': .github/workflows/stale-workflow-queue-cleanup.yml:10

Info: topLevel permissions set to 'read-all': .github/workflows/stale_issue.yml:6

Info: topLevel permissions set to 'read-all': .github/workflows/twister_tests.yml:26

Info: topLevel permissions set to 'read-all': .github/workflows/west_cmds.yml:24

Info: no jobLevel write permissions found

Vulnerabilities

Warn: Project is vulnerable to: PYSEC-2019-41 / GHSA-qfc5-mcwq-26q8

Warn: Project is vulnerable to: PYSEC-2020-176 / GHSA-3pqx-4fqf-j49f

Warn: Project is vulnerable to: PYSEC-2020-96 / GHSA-6757-jp84-gxfx

Warn: Project is vulnerable to: PYSEC-2021-142 / GHSA-8q59-q68h-6hv4

Warn: Project is vulnerable to: GHSA-55x5-fj6c-h6m8

Warn: Project is vulnerable to: PYSEC-2014-9 / GHSA-57qw-cc2g-pv5p

Warn: Project is vulnerable to: PYSEC-2021-19 / GHSA-jq4v-f5q6-mjqq

Warn: Project is vulnerable to: GHSA-pgww-xf46-h92r

Warn: Project is vulnerable to: PYSEC-2022-230 / GHSA-wrxv-2j5q-m38w

Warn: Project is vulnerable to: PYSEC-2018-12 / GHSA-xp26-p53h-6h2p

Warn: Project is vulnerable to: PYSEC-2023-117 / GHSA-mrwq-x4v8-fh7p

Warn: Project is vulnerable to: GHSA-3c5c-7235-994j

Warn: Project is vulnerable to: GHSA-3f63-hfp8-52jq

Warn: Project is vulnerable to: PYSEC-2021-41 / GHSA-3wvg-mj6g-m9cv

Warn: Project is vulnerable to: GHSA-3xv8-3j54-hgrp

Warn: Project is vulnerable to: PYSEC-2020-80 / GHSA-43fq-w8qq-v88h

Warn: Project is vulnerable to: GHSA-44wm-f244-xhp3

Warn: Project is vulnerable to: GHSA-4fx9-vc88-q2xc

Warn: Project is vulnerable to: PYSEC-2021-35 / GHSA-57h3-9rgr-c24m

Warn: Project is vulnerable to: PYSEC-2020-172 / GHSA-5gm3-px64-rw72

Warn: Project is vulnerable to: PYSEC-2021-331 / GHSA-7534-mm45-c74v

Warn: Project is vulnerable to: PYSEC-2021-92 / GHSA-7r7m-5h27-29hp

Warn: Project is vulnerable to: GHSA-8843-m7mw-mxqm

Warn: Project is vulnerable to: PYSEC-2023-227 / GHSA-8ghj-p4vj-mr35

Warn: Project is vulnerable to: PYSEC-2014-87 / GHSA-8m9x-pxwq-j236

Warn: Project is vulnerable to: PYSEC-2022-10 / GHSA-8vj2-vxx3-667w

Warn: Project is vulnerable to: PYSEC-2021-36 / GHSA-8xjq-8fcg-g5hw

Warn: Project is vulnerable to: PYSEC-2016-6 / GHSA-8xjv-v9xq-m5h9

Warn: Project is vulnerable to: PYSEC-2021-42 / GHSA-95q3-8gr9-gm8w

Warn: Project is vulnerable to: PYSEC-2022-168 / GHSA-9j59-75qj-795w

Warn: Project is vulnerable to: PYSEC-2014-10 / GHSA-cfmr-38g9-f2h7

Warn: Project is vulnerable to: PYSEC-2020-76 / GHSA-cqhg-xjhh-p8hf

Warn: Project is vulnerable to: PYSEC-2021-40 / GHSA-f4w8-cv6p-x6r5

Warn: Project is vulnerable to: PYSEC-2021-69 / GHSA-f5g8-5qq7-938w

Warn: Project is vulnerable to: PYSEC-2021-139 / GHSA-g6rj-rv7j-xwp4

Warn: Project is vulnerable to: PYSEC-2015-16 / GHSA-h5rf-vgqx-wjv2

Warn: Project is vulnerable to: PYSEC-2016-5 / GHSA-hggx-3h72-49ww

Warn: Project is vulnerable to: PYSEC-2020-84 / GHSA-hj69-c76v-86wr

Warn: Project is vulnerable to: PYSEC-2016-7 / GHSA-hvr8-466p-75rh

Warn: Project is vulnerable to: PYSEC-2015-15 / GHSA-j6f7-g425-4gmx

Warn: Project is vulnerable to: GHSA-j7hp-h8jx-5ppr

Warn: Project is vulnerable to: PYSEC-2019-110 / GHSA-j7mj-748x-7p78

Warn: Project is vulnerable to: GHSA-jgpv-4h4c-xhw3

Warn: Project is vulnerable to: PYSEC-2022-42979 / GHSA-m2vv-5vj5-2hm7

Warn: Project is vulnerable to: PYSEC-2021-37 / GHSA-mvg9-xffr-p774

Warn: Project is vulnerable to: PYSEC-2020-83 / GHSA-p49h-hjvm-jg3h

Warn: Project is vulnerable to: PYSEC-2022-8 / GHSA-pw3c-h7wp-cvhx

Warn: Project is vulnerable to: PYSEC-2021-93 / GHSA-q5hq-fp76-qmrc

Warn: Project is vulnerable to: PYSEC-2020-82 / GHSA-r7rm-8j6h-r933

Warn: Project is vulnerable to: PYSEC-2014-23 / GHSA-r854-96gq-rfg3

Warn: Project is vulnerable to: PYSEC-2016-8 / GHSA-rwr3-c2q8-gm56

Warn: Project is vulnerable to: PYSEC-2020-81 / GHSA-vcqg-3p29-xw73

Warn: Project is vulnerable to: PYSEC-2020-79 / GHSA-vj42-xq3r-hr3r

Warn: Project is vulnerable to: PYSEC-2021-70 / GHSA-vqcj-wrf2-7v73

Warn: Project is vulnerable to: PYSEC-2016-9 / GHSA-w4vg-rf63-f3j3

Warn: Project is vulnerable to: PYSEC-2014-22 / GHSA-x895-2wrm-hvp7

Warn: Project is vulnerable to: PYSEC-2022-9 / GHSA-xrcv-f9gm-v42c

Warn: Project is vulnerable to: PYSEC-2020-77

Warn: Project is vulnerable to: PYSEC-2020-78

Warn: Project is vulnerable to: PYSEC-2021-137

Warn: Project is vulnerable to: PYSEC-2021-138

Warn: Project is vulnerable to: PYSEC-2021-317

Warn: Project is vulnerable to: PYSEC-2021-38

Warn: Project is vulnerable to: PYSEC-2021-39

Warn: Project is vulnerable to: PYSEC-2021-94

Warn: Project is vulnerable to: PYSEC-2023-175

Pinned-Dependencies

Info: Possibly incomplete results: error parsing shell code: = must follow a name: tests/bluetooth/bsim_bt/_compile_permutate_kconfigs.sh:0

Info: Possibly incomplete results: error parsing shell code: parameter expansion requires a literal: zephyr-env.sh:0

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/assigner.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/assigner.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/backport.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/backport.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backport_issue_check.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/backport_issue_check.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/bluetooth-tests-publish.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/bluetooth-tests-publish.yaml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/bluetooth-tests-publish.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/bluetooth-tests-publish.yaml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bluetooth-tests.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/bluetooth-tests.yaml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bluetooth-tests.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/bluetooth-tests.yaml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bluetooth-tests.yaml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/bluetooth-tests.yaml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bug_snapshot.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/bug_snapshot.yaml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/bug_snapshot.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/bug_snapshot.yaml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/codecov.yaml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/codecov.yaml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/codecov.yaml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/codecov.yaml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/codecov.yaml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/codecov.yaml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/codecov.yaml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/codecov.yaml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coding_guidelines.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/coding_guidelines.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coding_guidelines.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/coding_guidelines.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compliance.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/compliance.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compliance.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/compliance.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compliance.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/compliance.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/daily_test_version.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/daily_test_version.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/daily_test_version.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/daily_test_version.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/devicetree_checks.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/devicetree_checks.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/devicetree_checks.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/devicetree_checks.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/devicetree_checks.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/doc-build.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/doc-build.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/doc-build.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/doc-build.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/doc-build.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/doc-build.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/doc-build.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish-pr.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/doc-publish-pr.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish-pr.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/doc-publish-pr.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish-pr.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/doc-publish-pr.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/doc-publish.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/doc-publish.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/errno.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/errno.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/footprint-tracking.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/footprint-tracking.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/footprint-tracking.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/footprint-tracking.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/footprint.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/footprint.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue_count.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/issue_count.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_count.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/issue_count.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue_count.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/issue_count.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license_check.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/license_check.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/license_check.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/license_check.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license_check.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/license_check.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/release.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/release.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/release.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/release.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/release.yml/main?enable=pin

Warn: third-party GitHubAction not pinned by hash: .github/workflows/stale-workflow-queue-cleanup.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/stale-workflow-queue-cleanup.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale_issue.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/stale_issue.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister_tests.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/twister_tests.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister_tests.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/twister_tests.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister_tests.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/twister_tests.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/west_cmds.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/west_cmds.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/west_cmds.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/west_cmds.yml/main?enable=pin

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/zephyr/west_cmds.yml/main?enable=pin

Warn: pipCommand not pinned by hash: .github/workflows/assigner.yml:25

Warn: pipCommand not pinned by hash: .github/workflows/assigner.yml:26

Warn: pipCommand not pinned by hash: .github/workflows/backport_issue_check.yml:22

Warn: pipCommand not pinned by hash: .github/workflows/backport_issue_check.yml:23

Warn: pipCommand not pinned by hash: .github/workflows/bug_snapshot.yaml:30

Warn: pipCommand not pinned by hash: .github/workflows/bug_snapshot.yaml:31

Warn: pipCommand not pinned by hash: .github/workflows/coding_guidelines.yml:26

Warn: pipCommand not pinned by hash: .github/workflows/coding_guidelines.yml:27

Warn: pipCommand not pinned by hash: .github/workflows/coding_guidelines.yml:28

Warn: pipCommand not pinned by hash: .github/workflows/compliance.yml:30

Warn: pipCommand not pinned by hash: .github/workflows/compliance.yml:31

Warn: pipCommand not pinned by hash: .github/workflows/compliance.yml:32

Warn: pipCommand not pinned by hash: .github/workflows/compliance.yml:33

Warn: pipCommand not pinned by hash: .github/workflows/daily_test_version.yml:30

Warn: pipCommand not pinned by hash: .github/workflows/devicetree_checks.yml:72

Warn: pipCommand not pinned by hash: .github/workflows/devicetree_checks.yml:73

Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:66

Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:67

Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:68

Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:69

Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:145

Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:146

Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:147

Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:148

Warn: pipCommand not pinned by hash: .github/workflows/footprint-tracking.yml:48

Warn: pipCommand not pinned by hash: .github/workflows/twister_tests.yml:53

Warn: pipCommand not pinned by hash: .github/workflows/west_cmds.yml:73

Warn: pipCommand not pinned by hash: .github/workflows/west_cmds.yml:74

Info: 0 out of 47 GitHub-owned GitHubAction dependencies pinned

Info: 0 out of 18 third-party GitHubAction dependencies pinned

Info: 0 out of 28 pipCommand dependencies pinned