Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-image.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/docker-image.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/docker-publish.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/docker-publish.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kali-package.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/kali-package.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kali-package.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/kali-package.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pytest.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/pytest.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pytest.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/pytest.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pytest.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/pytest.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pythonpublish.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/pythonpublish.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pythonpublish.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/pythonpublish.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke_test.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/smoke_test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke_test.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/smoke_test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/smoke_test.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/quark-engine/quark-engine/smoke_test.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3.10-slim to python:3.10-slim@sha256:9dd6774a1276178f94b0cc1fb1f0edd980825d0ea7634847af9940b1b6273c13
Warn: pipCommand not pinned by hash: Dockerfile:10
Warn: pipCommand not pinned by hash: .github/workflows/pytest.yml:28
Warn: pipCommand not pinned by hash: .github/workflows/pytest.yml:29
Warn: pipCommand not pinned by hash: .github/workflows/pytest.yml:53
Warn: pipCommand not pinned by hash: .github/workflows/pytest.yml:56
Warn: downloadThenRun not pinned by hash: .github/workflows/pytest.yml:60
Warn: pipCommand not pinned by hash: .github/workflows/pytest.yml:65
Warn: pipCommand not pinned by hash: .github/workflows/pytest.yml:69
Warn: pipCommand not pinned by hash: .github/workflows/pytest.yml:72
Warn: pipCommand not pinned by hash: .github/workflows/pytest.yml:73
Warn: pipCommand not pinned by hash: .github/workflows/pythonpublish.yml:18
Warn: pipCommand not pinned by hash: .github/workflows/pythonpublish.yml:19
Warn: pipCommand not pinned by hash: .github/workflows/smoke_test.yml:40
Warn: pipCommand not pinned by hash: .github/workflows/smoke_test.yml:43
Warn: pipCommand not pinned by hash: .github/workflows/smoke_test.yml:47
Warn: pipCommand not pinned by hash: .github/workflows/smoke_test.yml:52
Warn: pipCommand not pinned by hash: .github/workflows/smoke_test.yml:67
Warn: pipCommand not pinned by hash: .github/workflows/smoke_test.yml:71
Info: 0 out of 15 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 2 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 0 out of 17 pipCommand dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned