Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/change-version.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/change-version.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/change-version.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/change-version.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code-style.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/code-style.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code-style.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/code-style.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:229: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:234: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:260: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:274: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:279: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:300: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:305: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:326: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:331: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:336: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:341: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:387: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:391: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/regression.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-management.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/release-management.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-management.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/release-management.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-management.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/release-management.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-management.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/release-management.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-management.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/release-management.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/require-labels.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/su2code/SU2/require-labels.yml/master?enable=pin
Warn: containerImage not pinned by hash: docker/build/Dockerfile:1: pin your Docker image by updating ubuntu:18.04 to ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98
Warn: containerImage not pinned by hash: docker/test/Dockerfile:1: pin your Docker image by updating su2code/build-su2:20191029 to su2code/build-su2:20191029@sha256:a83e0a8149a50f67b9659dd791f918b1a66242393fcb75b95afbd72c944e7f97
Warn: pipCommand not pinned by hash: .github/workflows/code-style.yml:23
Info: 0 out of 22 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 24 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned