Warn: third-party GitHubAction not pinned by hash: .github/workflows/cicd.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cicd.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cicd.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cicd.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cicd.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cicd.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cicd.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cicd.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cicd.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cicd.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cicd.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cicd.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cicd.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cicd.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cicd.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cicd.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cleanup.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cleanup.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cleanup.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/cleanup.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/contributors.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/contributors.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/contributors.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/contributors.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/Roche/gitlab-configuration-as-code/release.yml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3.8-alpine to python:3.8-alpine@sha256:3d93b1f77efce339aa77db726656872517b0d67837989aa7c4b35bd5ae7e81ba
Warn: pipCommand not pinned by hash: .github/workflows/cicd.yml:35
Warn: pipCommand not pinned by hash: .github/workflows/cicd.yml:53
Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 14 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 0 out of 2 pipCommand dependencies pinned