Gathering detailed insights and metrics for @hyperledger/cactus-workshop-examples-2022-11-14
Gathering detailed insights and metrics for @hyperledger/cactus-workshop-examples-2022-11-14
Hyperledger Cacti is a new approach to the blockchain interoperability problem
Installations
npm install @hyperledger/cactus-workshop-examples-2022-11-14Developer Guide
BETA
Typescript
Yes
Module System
CommonJS, UMD
Min. Node Version
>=18
Node Version
18.18.2
NPM Version
lerna/3.7.0/node@v18.18.2+x64 (linux)
Score
15.7
Supply Chain
43.2
Quality
71.8
Maintenance
25
Vulnerability
84.8
License
Releases
89
v2.1.0
v2.1.0
Updated on Dec 02, 2024
v2.1.0 - GO Fabric Interop Chaincode - Dec 02, 2024
weaver/core/network/fabric-interop-cc/contracts/interop/v2.1.0
Updated on Dec 02, 2024
v2.1.0 - GO Fabric Weaver SDK - Dec 02, 2024
weaver/sdks/fabric/go-sdk/v2.1.0
Updated on Dec 02, 2024
v2.1.0 - GO Fabric Library for Asset Exchange - Dec 02, 2024
weaver/core/network/fabric-interop-cc/libs/assetexchange/v2.1.0
Updated on Dec 02, 2024
v2.1.0 - GO Fabric Utils Library for Interoperation - Dec 02, 2024
weaver/core/network/fabric-interop-cc/libs/utils/v2.1.0
Updated on Dec 02, 2024
v2.1.0 - GO Fabric Asset Management Interface - Dec 02, 2024
weaver/core/network/fabric-interop-cc/interfaces/asset-mgmt/v2.1.0
Updated on Dec 02, 2024
Languages
18
TypeScript
Kotlin
Go
JavaScript
Rust
Shell
Solidity
Makefile
Dockerfile
PLpgSQL
Logos
Mustache
Python
Java
ANTLR
Roff
EJS
HTML
TypeScript (57.7%)
Kotlin (14.89%)
Go (8.59%)
JavaScript (8.53%)
Rust (6.37%)
Shell (1.63%)
Solidity (0.79%)
Makefile (0.46%)
Dockerfile (0.32%)
PLpgSQL (0.21%)
Logos (0.14%)
Mustache (0.14%)
Python (0.11%)
Java (0.09%)
ANTLR (0.01%)
Roff (0.01%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
367 Stars
4,011 Commits
304 Forks
19 Watchers
24 Branches
108 Contributors
Updated on Jul 12, 2025
Maintainers
2
Package Meta Information
Latest Version
2.0.0
Package Id
@hyperledger/cactus-workshop-examples-2022-11-14@2.0.0
Unpacked Size
19.05 kB
Size
7.24 kB
File Count
4
NPM Version
lerna/3.7.0/node@v18.18.2+x64 (linux)
Node Version
18.18.2
Published on
Oct 18, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Hyperledger Cacti
Hyperledger Cacti is a multi-faceted pluggable interoperability framework to link networks built on heterogeneous distributed ledger and blockchain technologies and to run transactions spanning multiple networks. This project is the result of a merger of the Weaver Lab project with Hyperledger Cactus, which was subsequently renamed to Cacti. It draws on the cutting-edge technological features of both constituent projects to provide a common general purpose platform and toolkit for DLT interoperability. This was the first-of-a-kind merger of two systems, architecture and code bases, to create a new project, under the Hyperledger Foundation. See this Hyperledger Foundation blog article for more information about the merger.
Cacti is a Graduated Hyperledger project. Information on the different stages of a Hyperledger project and graduation criteria can be found in the Hyperledger Project Incubation Exit Criteria document.
Scope of Project
The existence of several blockchain and distributed ledger technologies of different flavours in the market as well as networks of varying scopes and sizes built on them necessitates the need for interoperability and integration, lest we end up with a fragmented ecosystem where digital assets and the workflows (often contracts) governing them remain isolated in silos. The solution to this is not to force all chains to coalesce (i.e., "a single chain to rule them all") but rather enable the networks to orchestrate transactions spanning their boundaries without sacrificing security, privacy, or governance autonomy (i.e., self-sovereignty). Hyperledger Cacti offers a family of protocols, modules, libraries, and SDKs, that can enable one network to be interoperable with, and carry out transactions directly with, another while eschewing the need for a central or common settlement chain. Cacti will allow networks to share ledger data, and exchange and transfer assets atomically, and manage identities, across their boundaries, as illustrated in the figure below.
As a fusion of two earlier systems (Cactus and Weaver) that have similar philosophies and goals, yet offer distinct mechanisms backed by different design and trust assumptions, Cacti offers a spectrum of selectable and configurable features for cross-network transaction orchestrations. An example illustrated below shows how distributed applications running on Fabric and Besu ledgers respectively can carry out the same set of cross-network transactions using the Node Server (Cactus legacy) or through Relays (Weaver legacy).
The current Cacti code base contains the legacy Cactus and Weaver source code in aggregated form with their original folder structures intact. But the packages built from the two sections of code are unified and released under a common cacti namespace, and the CI/CD pipelines for testing and releases are also integrated under a common set of GitHub Actions. A deeper merge and integration of source code is part of our roadmap, and will be carried out over a longer time period, but the current setup of code and release packages makes it easy for new users to navigate Cacti and for legacy users to carry out seamless upgrades.
(Reference for legacy users: Cactus source code lies here (i.e., the root folder), excluding the weaver folder. Weaver source code lies within the weaver folder.
Documentation
See the official Hyperledger Cacti documentation to get all your questions answered about the project, to get started with setup, testing, and evaluation, and to get hands-on with code and configurations. Here, you can find separate (and specific) instructions for getting started with running and experimenting with Cactus modules and Weaver modules respectively.
Roadmap
See ROADMAP.md for details on the envisioned integration.
Inclusive Language Statement
These guiding principles are very important to the maintainers and therefore we respectfully ask all contributors to abide by them as well:
- Consider that users who will read the docs are from different backgrounds and cultures and that they have different preferences.
- Avoid potential offensive terms and, for instance, prefer "allow list and deny list" to "white list and black list".
- We believe that we all have a role to play to improve our world, and even if writing inclusive documentation might not look like a huge improvement, it's a first step in the right direction.
- We suggest to refer to Microsoft bias free writing guidelines and Google inclusive doc writing guide as starting points.
Contact
- mailing list: cacti@lists.hyperledger.org
- discord channel: https://discord.com/invite/hyperledger
Contributing
We welcome contributions to Hyperledger Cacti in many forms, and there’s always plenty to do!
Please review contributing guidelines to get started.
License
This distribution is published under the Apache License Version 2.0 found in the LICENSE file.
No vulnerabilities found.
Reason
30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Reason
all changesets reviewed
Reason
19 different organizations found -- score normalized to 10
Details
- Info: contributors work for FujitsuLaboratories,IBM,ItsForkIT,NITDgpOS,PQCA,QualiChain,accenture,fujitsu,fujitsu limited,hyperledger,hyperledger-labs,hyperledger-labs @accenture,ibm,ibm research,ionata,lugnitdgp,mruby-zest,nipy,zynaddsubfx
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: License file found in expected location: LICENSE:1
- Info: FSF or OSI recognized license: LICENSE:1
Reason
30 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10
Reason
publishing workflow detected
Details
- Info: GitHub/GitLab publishing workflow used in run https://api.github.com/repos/hyperledger/cacti/actions/runs/11149279261: .github/workflows/besu-all-in-one-publish.yaml:19
Reason
SAST tool is run on all commits
Details
- Info: all commits (30) are checked with a SAST tool
- Info: SAST tool detected: CodeQL
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Add a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)
- Info: Found text in security policy: SECURITY.md:1
Reason
badge detected: passing
Reason
binaries present in source code
Details
- Warn: binary detected: packages/cactus-plugin-keychain-memory-wasm/src/main/typescript/generated/wasm-pack/cactus_plugin_keychain_memory_wasm_bg.wasm:1
- Warn: binary detected: packages/cactus-plugin-ledger-connector-corda/src/main-server/kotlin/gen/kotlin-spring/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: weaver/common/protos-java-kt/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: weaver/core/drivers/corda-driver/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: weaver/core/network/corda-interop-app/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: weaver/samples/corda/corda-simple-application/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: weaver/sdks/corda/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: weaver/tests/network-setups/corda/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: weaver/tests/network-setups/corda/shared/Corda_Network/libs/Corda_Network-0.1.jar:1
- Warn: binary detected: weaver/tests/network-setups/corda/shared/Corda_Network2/libs/Corda_Network2-0.1.jar:1
Reason
project is not fuzzed
Details
- Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project: QuickCheck: https://hackage.haskell.org/package/QuickCheck hedgehog: https://hedgehog.qa/ validity: https://github.com/NorfairKing/validity smallcheck: https://hackage.haskell.org/package/smallcheck hspec: https://hspec.github.io/ tasty: https://hackage.haskell.org/package/tasty (High effort)
- Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
- Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.dast-nuclei-cmd-api-server.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/.dast-nuclei-cmd-api-server.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.dast-nuclei-cmd-api-server.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/.dast-nuclei-cmd-api-server.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.dast-nuclei-cmd-api-server.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/.dast-nuclei-cmd-api-server.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/.dast-nuclei-cmd-api-server.yaml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/.dast-nuclei-cmd-api-server.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.dast-nuclei-cmd-api-server.yaml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/.dast-nuclei-cmd-api-server.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actionlint.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/actionlint.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/actionlint.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/actionlint.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/all-nodejs-packages-publish.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/all-nodejs-packages-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/all-nodejs-packages-publish.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/all-nodejs-packages-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/all-nodejs-packages-publish.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/all-nodejs-packages-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/besu-all-in-one-publish.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/besu-all-in-one-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cacti-dev-container-vscode-publish.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/cacti-dev-container-vscode-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cacti-dev-container-vscode-publish.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/cacti-dev-container-vscode-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1774: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1777: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1781: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2274: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2277: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2281: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2290: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:535: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:538: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:542: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:552: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1609: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1612: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1616: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1230: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1233: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1236: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1245: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1336: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1339: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1343: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1352: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1431: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1434: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1438: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1448: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1741: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1744: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1748: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1093: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1096: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1100: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1109: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2007: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2010: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2014: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2023: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:404: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:407: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:411: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:421: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:572: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:575: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:579: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:589: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1642: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1645: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1649: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1675: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1678: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1682: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2578: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2581: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:377: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:380: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:383: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:989: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:992: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:996: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1005: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1194: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1197: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1201: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1210: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2074: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2077: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2081: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2090: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2240: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2243: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2247: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2256: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2558: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:851: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:854: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:858: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:867: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:677: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:680: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:684: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:693: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1024: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1027: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1031: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1040: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1543: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1546: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1550: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1872: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1875: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1879: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1888: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:279: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:282: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:286: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:309: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:324: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1126: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1129: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1133: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1142: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1576: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1579: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1583: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2492: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2495: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2499: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2508: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2596: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:816: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:819: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:823: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:832: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2459: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2462: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2466: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2475: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2610: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1160: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1163: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1167: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1176: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2171: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2174: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2178: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2187: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:445: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:448: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:452: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:462: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:481: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:496: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:506: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:607: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:610: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:614: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:623: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:955: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:958: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:962: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:971: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1059: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1062: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1066: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1075: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1472: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1475: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1479: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1488: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2548: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:239: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:254: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:350: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:353: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:356: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2617: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:2622: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1807: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1810: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1814: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1840: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1843: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1847: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2309: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2312: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2316: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2325: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:2331: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2351: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2354: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2358: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2367: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2389: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2392: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2396: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2405: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2603: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:711: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:714: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:718: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:727: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1375: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1379: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1383: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1394: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:1405: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1510: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1513: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1517: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2138: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2141: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2145: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2154: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2565: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2589: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:782: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:785: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:789: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:798: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1268: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1271: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1275: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1284: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1294: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:1304: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:921: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:924: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:928: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:937: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1908: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1911: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1914: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1923: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2040: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2043: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2047: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2056: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2207: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2210: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2214: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2223: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2525: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2528: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2532: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2541: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:746: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:749: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:753: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:762: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1708: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1711: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1715: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1940: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1943: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1946: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1955: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1974: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1977: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1981: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:1990: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2422: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2425: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2428: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:2437: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:641: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:644: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:648: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:658: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:885: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:888: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:892: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:901: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cmd-api-server-publish.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/cmd-api-server-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commitlint-pull-request.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/commitlint-pull-request.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/commitlint-pull-request.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/commitlint-pull-request.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/connector-besu-publish.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/connector-besu-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/connector-corda-server-publish.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/connector-corda-server-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/connector-fabric-publish.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/connector-fabric-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage_ts.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/coverage_ts.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage_ts.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/coverage_ts.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage_ts.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/coverage_ts.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage_ts.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/coverage_ts.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage_ts.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/coverage_ts.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/daml-all-in-one-publish.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/daml-all-in-one-publish.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependent-issues.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/dependent-issues.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy_docs.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/deploy_docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy_docs.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/deploy_docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy_docs.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/deploy_docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev-container-vscode-publish.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/dev-container-vscode-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev-container-vscode-publish.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/dev-container-vscode-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/example-carbon-accounting-publish.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/example-carbon-accounting-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/example-supply-chain-app-publish.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/example-supply-chain-app-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fabric2-all-in-one-publish.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/fabric2-all-in-one-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/geth-all-in-one-publish.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/geth-all-in-one-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gg-shield-action.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/gg-shield-action.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gg-shield-action.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/gg-shield-action.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:232: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:260: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/iroha2-all-in-one-publish.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/iroha2-all-in-one-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/keychain-vault-server-publish.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/keychain-vault-server-publish.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-commit-parity.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/pr-commit-parity.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/publish-npm.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/publish-npm.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sawtooth-all-in-one-publish.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/sawtooth-all-in-one-publish.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pull-request.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/semantic-pull-request.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-besu.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-besu.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-besu.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-besu.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-besu.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-besu.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-besu.yaml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-besu.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-besu.yaml:244: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-besu.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-besu.yaml:250: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-besu.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-besu.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-besu.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-besu.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-besu.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-corda.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-corda.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-corda.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-corda.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-corda.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-corda.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-corda.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-corda.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-corda.yaml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-corda.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-corda.yaml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-corda.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-corda.yaml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-corda.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-corda.yaml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-corda.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-corda.yaml:252: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-corda.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-fabric.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-fabric.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-fabric.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-fabric.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-fabric.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-fabric.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-fabric.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-fabric.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-fabric.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-fabric.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-fabric.yaml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-fabric.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-fabric.yaml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-fabric.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-exchange-fabric.yaml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-fabric.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-transfer.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-transfer.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-transfer.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-transfer.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-transfer.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-transfer.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-transfer.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-transfer.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-transfer.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-transfer.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-transfer.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-transfer.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-transfer.yaml:694: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-transfer.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-transfer.yaml:697: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-transfer.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-transfer.yaml:703: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-transfer.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-transfer.yaml:708: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-transfer.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-asset-transfer.yaml:713: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-transfer.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-corda-interop-app.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-corda-interop-app.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-corda-interop-app.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-corda-interop-app.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-corda-interop-app.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-corda-interop-app.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-corda-interop-app.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-corda-interop-app.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:427: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:429: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:438: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:444: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:449: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:854: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:856: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:865: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:871: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:876: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:881: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-docker-build.yaml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-docker-build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-docker-build.yaml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-docker-build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-docker-build.yaml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-docker-build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-docker-build.yaml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-docker-build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-docker-build.yaml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-docker-build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-docker-build.yaml:197: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-docker-build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-docker-build.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-docker-build.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-docker-build.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-docker-build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-docker-build.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-docker-build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-docker-build.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-docker-build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-docker-build.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-docker-build.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-fabric-fabric-satp.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-fabric-fabric-satp.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-fabric-fabric-satp.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-fabric-fabric-satp.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-fabric-fabric-satp.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-fabric-fabric-satp.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-fabric-fabric-satp.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-fabric-fabric-satp.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-fabric-fabric-satp.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-fabric-fabric-satp.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-fabric-fabric-satp.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-fabric-fabric-satp.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:279: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:282: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:303: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:327: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:330: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-go.yaml:234: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-node-pkgs.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-node-pkgs.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-node-pkgs.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-node-pkgs.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-node-pkgs.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-node-pkgs.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-node-pkgs.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-node-pkgs.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-node-pkgs.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-node-pkgs.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-node-pkgs.yaml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-node-pkgs.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-node-pkgs.yaml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-node-pkgs.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-node-pkgs.yaml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-node-pkgs.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-pre-release.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-pre-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-pre-release.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-pre-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-pre-release.yaml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-pre-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-relay.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-relay.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-relay.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-relay.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-relay.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-relay.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-relay.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-relay.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-relay.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-relay.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-relay.yaml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-relay.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-relay.yaml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-relay.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-relay.yaml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-relay.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_weaver-relay.yaml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-relay.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_weaver-relay.yaml:191: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-relay.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_corda-pkgs.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_corda-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_corda-pkgs.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_corda-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_corda-pkgs.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_corda-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_corda-pkgs.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_corda-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_corda-pkgs.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_corda-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_corda-pkgs.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_corda-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_corda-pkgs.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_corda-pkgs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/weaver_deploy_corda-pkgs.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_corda-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:342: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:345: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:384: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:408: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:411: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:252: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:276: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:279: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_go-pkgs.yml:318: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_node-pkgs.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_node-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_node-pkgs.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_node-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_node-pkgs.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_node-pkgs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/weaver_deploy_node-pkgs.yml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_node-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_node-pkgs.yml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_node-pkgs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/weaver_deploy_node-pkgs.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_node-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_node-pkgs.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_node-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_node-pkgs.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_node-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_node-pkgs.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_node-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_node-pkgs.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_node-pkgs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_relay-server.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_relay-server.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/weaver_deploy_relay-server.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_relay-server.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weaver_deploy_relay-server.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_relay-server.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/weaver_deploy_relay-server.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_relay-server.yml/main?enable=pin
- Warn: containerImage not pinned by hash: examples/cactus-common-example-server/Dockerfile:1: pin your Docker image by updating node:16 to node:16@sha256:f77a1aef2da8d83e45ec990f45df50f1a286c5fe8bbfb8c6e4246c6389705c0b
- Warn: containerImage not pinned by hash: examples/cactus-example-carbon-accounting-backend/src/utility-emissions-channel/typescript/Dockerfile:1
- Warn: containerImage not pinned by hash: examples/cactus-example-carbon-accounting-backend/src/utility-emissions-channel/typescript/Dockerfile:11: pin your Docker image by updating node:12.13.0-alpine to node:12.13.0-alpine@sha256:ae1822c17b0087cb1eea794e5a293d56cc1fe01f01ef5494d0687c1ef9584239
- Warn: containerImage not pinned by hash: examples/cactus-example-cbdc-bridging-backend/Dockerfile:1: pin your Docker image by updating cruizba/ubuntu-dind:19.03.11 to cruizba/ubuntu-dind:19.03.11@sha256:48cd7dfebe65821b9aaae2e2e58168804f8b8e178801b66a0be8eef2a0bcbe48
- Warn: containerImage not pinned by hash: examples/cactus-example-cbdc-bridging-frontend/Dockerfile:3: pin your Docker image by updating node:16-alpine to node:16-alpine@sha256:a1f9d027912b58a7c75be7716c97cfbc6d3099f3a97ed84aa490be9dee20e787
- Warn: containerImage not pinned by hash: examples/cactus-example-discounted-asset-trade/Dockerfile:1
- Warn: containerImage not pinned by hash: examples/cactus-example-electricity-trade/Dockerfile:1
- Warn: containerImage not pinned by hash: examples/cactus-example-supply-chain-backend/Dockerfile:1
- Warn: containerImage not pinned by hash: examples/carbon-accounting/Dockerfile:1
- Warn: containerImage not pinned by hash: packages/cactus-cmd-api-server/cmd-api-server.Dockerfile:1: pin your Docker image by updating node:22.4.0-bookworm-slim to node:22.4.0-bookworm-slim@sha256:ee76feb064dbe3579085bc2517cb54ecf64b083db8f6f80341cfe4a4770d1415
- Warn: containerImage not pinned by hash: packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/Dockerfile:1
- Warn: containerImage not pinned by hash: packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/Dockerfile:13: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:b359f1067efa76f37863778f7b6d0e8d911e3ee8efa807ad01fbf5dc1ef9006b
- Warn: containerImage not pinned by hash: packages/cactus-plugin-ledger-connector-corda/src/main-server/Dockerfile:1
- Warn: containerImage not pinned by hash: packages/cactus-plugin-ledger-connector-corda/src/main-server/Dockerfile:11: pin your Docker image by updating openjdk:24-slim-bookworm to openjdk:24-slim-bookworm@sha256:ba8782422321c04b73c680ddc42c316df134bb0dc07889ae35c1cc64d5a87fd3
- Warn: containerImage not pinned by hash: packages/cactus-plugin-persistence-ethereum/Dockerfile:1: pin your Docker image by updating node:16 to node:16@sha256:f77a1aef2da8d83e45ec990f45df50f1a286c5fe8bbfb8c6e4246c6389705c0b
- Warn: containerImage not pinned by hash: packages/cactus-plugin-persistence-fabric/Dockerfile:1: pin your Docker image by updating node:16 to node:16@sha256:f77a1aef2da8d83e45ec990f45df50f1a286c5fe8bbfb8c6e4246c6389705c0b
- Warn: containerImage not pinned by hash: tools/docker/besu-all-in-one/Dockerfile:4
- Warn: containerImage not pinned by hash: tools/docker/besu-all-in-one/Dockerfile:5
- Warn: containerImage not pinned by hash: tools/docker/besu-all-in-one/v21_1_x/Dockerfile:3
- Warn: containerImage not pinned by hash: tools/docker/besu-all-in-one/v21_1_x/Dockerfile:4
- Warn: containerImage not pinned by hash: tools/docker/besu-multi-party-all-in-one/Dockerfile:6
- Warn: containerImage not pinned by hash: tools/docker/besu-multi-party-all-in-one/Dockerfile:20: pin your Docker image by updating docker:24.0.5-dind to docker:24.0.5-dind@sha256:3c6e4dca7a63c9a32a4e00da40461ce067f255987ccc9721cf18ffa087bcd1ef
- Warn: containerImage not pinned by hash: tools/docker/corda-all-in-one/corda-v4_12/Dockerfile:1
- Warn: containerImage not pinned by hash: tools/docker/corda-all-in-one/corda-v4_12/Dockerfile:17: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:58b87898e82351c6cf9cf5b9f3c20257bb9e2dcf33af051e12ce532d7f94e3fe
- Warn: containerImage not pinned by hash: tools/docker/corda-all-in-one/corda-v4_8-flowdb/Dockerfile:1: pin your Docker image by updating docker:24.0.2-dind to docker:24.0.2-dind@sha256:1d148deae16a6bb4c89224c636e1fd1799a4d5925f545861ce0d7bea3a527b5d
- Warn: containerImage not pinned by hash: tools/docker/corda-all-in-one/corda-v5/Dockerfile:1: pin your Docker image by updating docker:20.10.3-dind to docker:20.10.3-dind@sha256:43df6c4dbc32ccb306412fcce5b1443310cf9d91507409d7258cea1c9ee731f4
- Warn: containerImage not pinned by hash: tools/docker/daml-all-in-one/Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:58b87898e82351c6cf9cf5b9f3c20257bb9e2dcf33af051e12ce532d7f94e3fe
- Warn: containerImage not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v1.4.x:3: pin your Docker image by updating docker:24.0.5-dind to docker:24.0.5-dind@sha256:3c6e4dca7a63c9a32a4e00da40461ce067f255987ccc9721cf18ffa087bcd1ef
- Warn: containerImage not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v2.x:1: pin your Docker image by updating docker:24.0.5-dind to docker:24.0.5-dind@sha256:3c6e4dca7a63c9a32a4e00da40461ce067f255987ccc9721cf18ffa087bcd1ef
- Warn: containerImage not pinned by hash: tools/docker/geth-all-in-one/Dockerfile:1: pin your Docker image by updating ethereum/client-go:v1.12.0 to ethereum/client-go:v1.12.0@sha256:c601019e4426e1320d59631c0d55005c64da641455da97a0b79f89b617707685
- Warn: containerImage not pinned by hash: tools/docker/indy-all-in-one/Dockerfile:6: pin your Docker image by updating ghcr.io/hyperledger/indy-node-container/indy_node:1.12.6-ubuntu18-main to ghcr.io/hyperledger/indy-node-container/indy_node:1.12.6-ubuntu18-main@sha256:3ebbd3c764cf7da90df61e4f5024c8293ebd2b07583a6142bd7991dea863c888
- Warn: containerImage not pinned by hash: tools/docker/iroha2-all-in-one/Dockerfile:5
- Warn: containerImage not pinned by hash: tools/docker/iroha2-all-in-one/Dockerfile:22: pin your Docker image by updating docker:24.0.5-dind to docker:24.0.5-dind@sha256:3c6e4dca7a63c9a32a4e00da40461ce067f255987ccc9721cf18ffa087bcd1ef
- Warn: containerImage not pinned by hash: tools/docker/sawtooth-all-in-one/Dockerfile:1: pin your Docker image by updating docker:24.0.5-dind to docker:24.0.5-dind@sha256:3c6e4dca7a63c9a32a4e00da40461ce067f255987ccc9721cf18ffa087bcd1ef
- Warn: containerImage not pinned by hash: tools/docker/substrate-all-in-one/Dockerfile:1
- Warn: containerImage not pinned by hash: tools/docker/substrate-all-in-one/Dockerfile:6: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:6d8d9799fe6ab3221965efac00b4c34a2bcc102c086a58dff9e19a08b913c7ef
- Warn: containerImage not pinned by hash: tools/docker/supabase-all-in-one/Dockerfile:12
- Warn: containerImage not pinned by hash: tools/docker/supabase-all-in-one/Dockerfile:35: pin your Docker image by updating docker:25.0.5-dind to docker:25.0.5-dind@sha256:b41d0183012e2334aacd4e0b8e339b89246c4fdb7eada6cc86b0355f41328549
- Warn: containerImage not pinned by hash: weaver/core/drivers/corda-driver/Dockerfile.local:2
- Warn: containerImage not pinned by hash: weaver/core/drivers/corda-driver/Dockerfile.local:7
- Warn: containerImage not pinned by hash: weaver/core/drivers/corda-driver/Dockerfile.local:10: pin your Docker image by updating eclipse-temurin:17-jre-noble to eclipse-temurin:17-jre-noble@sha256:4beee0817900f0cf3353604c2e1d132ba4dbdb737938fcb2c4f702905c3a4c6e
- Warn: containerImage not pinned by hash: weaver/core/drivers/corda-driver/Dockerfile.remote:2
- Warn: containerImage not pinned by hash: weaver/core/drivers/corda-driver/Dockerfile.remote:17
- Warn: containerImage not pinned by hash: weaver/core/drivers/corda-driver/Dockerfile.remote:20: pin your Docker image by updating eclipse-temurin:17-jre-noble to eclipse-temurin:17-jre-noble@sha256:4beee0817900f0cf3353604c2e1d132ba4dbdb737938fcb2c4f702905c3a4c6e
- Warn: containerImage not pinned by hash: weaver/core/drivers/fabric-driver/fabricDriver.dockerfile:11
- Warn: containerImage not pinned by hash: weaver/core/drivers/fabric-driver/fabricDriver.dockerfile:25
- Warn: containerImage not pinned by hash: weaver/core/drivers/fabric-driver/fabricDriver.dockerfile:30
- Warn: containerImage not pinned by hash: weaver/core/drivers/fabric-driver/fabricDriver.dockerfile.local:4
- Warn: containerImage not pinned by hash: weaver/core/drivers/fabric-driver/fabricDriver.dockerfile.local:20
- Warn: containerImage not pinned by hash: weaver/core/drivers/fabric-driver/fabricDriver.dockerfile.local:25
- Warn: containerImage not pinned by hash: weaver/core/identity-management/iin-agent/iinagent.Dockerfile:11
- Warn: containerImage not pinned by hash: weaver/core/identity-management/iin-agent/iinagent.Dockerfile:24
- Warn: containerImage not pinned by hash: weaver/core/identity-management/iin-agent/iinagent.Dockerfile:29
- Warn: containerImage not pinned by hash: weaver/core/identity-management/iin-agent/iinagent.local.Dockerfile:4
- Warn: containerImage not pinned by hash: weaver/core/identity-management/iin-agent/iinagent.local.Dockerfile:18
- Warn: containerImage not pinned by hash: weaver/core/identity-management/iin-agent/iinagent.local.Dockerfile:23
- Warn: containerImage not pinned by hash: weaver/core/network/fabric-interop-cc/Dockerfile:1
- Warn: containerImage not pinned by hash: weaver/core/network/fabric-interop-cc/Dockerfile:12
- Warn: containerImage not pinned by hash: weaver/core/relay/Dockerfile:1
- Warn: containerImage not pinned by hash: weaver/core/relay/Dockerfile:47
- Warn: containerImage not pinned by hash: weaver/core/relay/Dockerfile.client:1
- Warn: containerImage not pinned by hash: weaver/core/relay/Dockerfile.client:48
- Warn: containerImage not pinned by hash: weaver/core/relay/Dockerfile.driver:1
- Warn: containerImage not pinned by hash: weaver/core/relay/Dockerfile.driver:48
- Warn: containerImage not pinned by hash: weaver/core/relay/Dockerfile.server:1
- Warn: containerImage not pinned by hash: weaver/core/relay/Dockerfile.server:45
- Warn: containerImage not pinned by hash: weaver/samples/corda/corda-simple-application/Dockerfile:1
- Warn: containerImage not pinned by hash: weaver/samples/corda/corda-simple-application/Dockerfile:8
- Warn: containerImage not pinned by hash: weaver/samples/fabric/fabric-cli/Dockerfile:1: pin your Docker image by updating node:10 to node:10@sha256:59531d2835edd5161c8f9512f9e095b1836f7a1fcb0ab73e005ec46047384911
- Warn: containerImage not pinned by hash: weaver/samples/fabric/simplestate/Dockerfile:1
- Warn: containerImage not pinned by hash: weaver/samples/fabric/simplestate/Dockerfile:11
- Warn: containerImage not pinned by hash: weaver/samples/fabric/simplestatewithacl/Dockerfile:1
- Warn: containerImage not pinned by hash: weaver/samples/fabric/simplestatewithacl/Dockerfile:11
- Warn: containerImage not pinned by hash: weaver/tests/network-setups/indy/docker/Dockerfile:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:6d8d9799fe6ab3221965efac00b4c34a2bcc102c086a58dff9e19a08b913c7ef
- Warn: npmCommand not pinned by hash: examples/cactus-example-carbon-accounting-backend/src/utility-emissions-channel/typescript/Dockerfile:3
- Warn: npmCommand not pinned by hash: examples/cactus-example-carbon-accounting-backend/src/utility-emissions-channel/typescript/Dockerfile:7
- Warn: downloadThenRun not pinned by hash: examples/cactus-example-cbdc-bridging-backend/Dockerfile:35
- Warn: npmCommand not pinned by hash: examples/cactus-example-cbdc-bridging-backend/Dockerfile:37-40
- Warn: npmCommand not pinned by hash: examples/cactus-example-cbdc-bridging-frontend/Dockerfile:9
- Warn: downloadThenRun not pinned by hash: examples/cactus-example-supply-chain-backend/Dockerfile:42
- Warn: npmCommand not pinned by hash: examples/cactus-example-supply-chain-backend/Dockerfile:44-64
- Warn: downloadThenRun not pinned by hash: examples/carbon-accounting/Dockerfile:36
- Warn: npmCommand not pinned by hash: examples/carbon-accounting/Dockerfile:37-42
- Warn: npmCommand not pinned by hash: tools/docker/besu-multi-party-all-in-one/Dockerfile:12
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v1.4.x:75
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v1.4.x:142
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v1.4.x:143
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v1.4.x:144
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v1.4.x:145
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v1.4.x:146
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v2.x:151
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v2.x:152
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v2.x:153
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v2.x:154
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v2.x:155
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v2.x:156
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v2.x:157
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v2.x:158
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v2.x:159
- Warn: downloadThenRun not pinned by hash: tools/docker/fabric-all-in-one/Dockerfile_v2.x:166
- Warn: pipCommand not pinned by hash: tools/docker/indy-all-in-one/Dockerfile:7
- Warn: npmCommand not pinned by hash: weaver/core/drivers/fabric-driver/fabricDriver.dockerfile:17
- Warn: npmCommand not pinned by hash: weaver/core/drivers/fabric-driver/fabricDriver.dockerfile.local:11
- Warn: npmCommand not pinned by hash: weaver/core/identity-management/iin-agent/iinagent.Dockerfile:17
- Warn: npmCommand not pinned by hash: weaver/core/identity-management/iin-agent/iinagent.local.Dockerfile:11
- Warn: npmCommand not pinned by hash: weaver/samples/fabric/fabric-cli/Dockerfile:9
- Warn: downloadThenRun not pinned by hash: weaver/tests/network-setups/indy/docker/Dockerfile:14
- Warn: pipCommand not pinned by hash: weaver/tests/network-setups/indy/docker/Dockerfile:20
- Warn: pipCommand not pinned by hash: weaver/tests/network-setups/indy/docker/Dockerfile:24
- Warn: npmCommand not pinned by hash: examples/cactus-example-discounted-asset-trade/script-start-ledgers.sh:88
- Warn: npmCommand not pinned by hash: .github/workflows/cacti-dev-container-vscode-publish.yaml:40
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:2584
- Warn: pipCommand not pinned by hash: .github/workflows/deploy_docs.yml:47
- Warn: npmCommand not pinned by hash: .github/workflows/dev-container-vscode-publish.yaml:38
- Warn: npmCommand not pinned by hash: .github/workflows/test_weaver-asset-exchange-fabric.yaml:78
- Warn: goCommand not pinned by hash: .github/workflows/test_weaver-asset-exchange-fabric.yaml:146
- Warn: npmCommand not pinned by hash: .github/workflows/test_weaver-asset-transfer.yaml:187
- Warn: goCommand not pinned by hash: .github/workflows/test_weaver-asset-transfer.yaml:730
- Warn: npmCommand not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:186
- Warn: goCommand not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:458
- Warn: goCommand not pinned by hash: .github/workflows/test_weaver-data-sharing.yaml:898
- Warn: goCommand not pinned by hash: .github/workflows/test_weaver-fabric-fabric-satp.yaml:75
- Warn: pipCommand not pinned by hash: .github/workflows/test_weaver-node-pkgs.yaml:152
- Info: 3 out of 451 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 45 third-party GitHubAction dependencies pinned
- Info: 0 out of 74 containerImage dependencies pinned
- Info: 4 out of 23 npmCommand dependencies pinned
- Info: 0 out of 20 downloadThenRun dependencies pinned
- Info: 0 out of 5 pipCommand dependencies pinned
- Info: 6 out of 11 goCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/.dast-nuclei-cmd-api-server.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/.dast-nuclei-cmd-api-server.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/actionlint.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/actionlint.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/all-nodejs-packages-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/all-nodejs-packages-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/besu-all-in-one-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/besu-all-in-one-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/besu-all-in-one-publish.yaml:27
- Warn: no topLevel permission defined: .github/workflows/cacti-dev-container-vscode-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/cacti-dev-container-vscode-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/cacti-dev-container-vscode-publish.yaml:28
- Warn: no topLevel permission defined: .github/workflows/ci.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: jobLevel permissions set to 'write-all': .github/workflows/ci.yaml:1250: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Warn: no topLevel permission defined: .github/workflows/ci_weaver.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ci_weaver.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/cmd-api-server-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/cmd-api-server-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/cmd-api-server-publish.yaml:27
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/codeql-analysis.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/commitlint-pull-request.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/commitlint-pull-request.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/connector-besu-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/connector-besu-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/connector-besu-publish.yaml:27
- Warn: no topLevel permission defined: .github/workflows/connector-corda-server-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/connector-corda-server-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/connector-corda-server-publish.yaml:27
- Warn: no topLevel permission defined: .github/workflows/connector-fabric-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/connector-fabric-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/connector-fabric-publish.yaml:27
- Warn: no topLevel permission defined: .github/workflows/coverage_ts.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/coverage_ts.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/daml-all-in-one-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/daml-all-in-one-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/daml-all-in-one-publish.yaml:27
- Warn: no topLevel permission defined: .github/workflows/dco.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/dco.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/dependent-issues.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/dependent-issues.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/deploy_docs.yml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/deploy_docs.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/deploy_docs.yml:28: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Warn: no topLevel permission defined: .github/workflows/dev-container-vscode-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/dev-container-vscode-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/dev-container-vscode-publish.yaml:28
- Warn: no topLevel permission defined: .github/workflows/example-carbon-accounting-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/example-carbon-accounting-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/example-carbon-accounting-publish.yaml:27
- Warn: no topLevel permission defined: .github/workflows/example-supply-chain-app-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/example-supply-chain-app-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/example-supply-chain-app-publish.yaml:27
- Warn: no topLevel permission defined: .github/workflows/fabric2-all-in-one-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/fabric2-all-in-one-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/fabric2-all-in-one-publish.yaml:27
- Warn: no topLevel permission defined: .github/workflows/geth-all-in-one-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/geth-all-in-one-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/geth-all-in-one-publish.yaml:27
- Warn: no topLevel permission defined: .github/workflows/gg-shield-action.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/gg-shield-action.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/ghpkg-all-kotlin-api-clients-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/ghpkg-all-kotlin-api-clients-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/iroha2-all-in-one-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/iroha2-all-in-one-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/iroha2-all-in-one-publish.yaml:27
- Warn: no topLevel permission defined: .github/workflows/keychain-vault-server-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/keychain-vault-server-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/keychain-vault-server-publish.yaml:27
- Warn: no topLevel permission defined: .github/workflows/pr-commit-parity.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/pr-commit-parity.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/publish-npm.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/publish-npm.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/sawtooth-all-in-one-publish.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/sawtooth-all-in-one-publish.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/sawtooth-all-in-one-publish.yaml:27
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:22
- Warn: no topLevel permission defined: .github/workflows/semantic-pull-request.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/semantic-pull-request.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/test_weaver-asset-exchange-besu.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-besu.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/test_weaver-asset-exchange-corda.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-corda.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/test_weaver-asset-exchange-fabric.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-exchange-fabric.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/test_weaver-asset-transfer.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-asset-transfer.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/test_weaver-corda-interop-app.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-corda-interop-app.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/test_weaver-data-sharing.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-data-sharing.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/test_weaver-docker-build.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-docker-build.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/test_weaver-fabric-fabric-satp.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-fabric-fabric-satp.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/test_weaver-go.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-go.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/test_weaver-node-pkgs.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-node-pkgs.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/test_weaver-pre-release.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-pre-release.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/test_weaver-relay.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/test_weaver-relay.yaml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/weaver_deploy_corda-pkgs.yml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_corda-pkgs.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/weaver_deploy_corda-pkgs.yml:20
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/weaver_deploy_corda-pkgs.yml:19: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/weaver_deploy_corda-pkgs.yml:56: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/weaver_deploy_corda-pkgs.yml:57
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/weaver_deploy_corda-pkgs.yml:96: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/weaver_deploy_corda-pkgs.yml:97
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/weaver_deploy_corda-pkgs.yml:136: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/weaver_deploy_corda-pkgs.yml:137
- Warn: no topLevel permission defined: .github/workflows/weaver_deploy_go-pkgs.yml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_go-pkgs.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: no topLevel permission defined: .github/workflows/weaver_deploy_node-pkgs.yml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_node-pkgs.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/weaver_deploy_node-pkgs.yml:23: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/weaver_deploy_node-pkgs.yml:24
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/weaver_deploy_node-pkgs.yml:77: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/weaver_deploy_node-pkgs.yml:78
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/weaver_deploy_node-pkgs.yml:122: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/weaver_deploy_node-pkgs.yml:123
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/weaver_deploy_node-pkgs.yml:168
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/weaver_deploy_node-pkgs.yml:167: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/weaver_deploy_node-pkgs.yml:207: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/weaver_deploy_node-pkgs.yml:208
- Warn: no topLevel permission defined: .github/workflows/weaver_deploy_relay-server.yml:1: Visit https://app.stepsecurity.io/secureworkflow/hyperledger/cacti/weaver_deploy_relay-server.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/weaver_deploy_relay-server.yml:21
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/weaver_deploy_relay-server.yml:46
Reason
51 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-x4gp-pqpj-f43q
- Warn: Project is vulnerable to: RUSTSEC-2024-0344
- Warn: Project is vulnerable to: GHSA-mc8h-8q98-g5hr / RUSTSEC-2023-0018
- Warn: Project is vulnerable to: RUSTSEC-2021-0139
- Warn: Project is vulnerable to: GHSA-g98v-hv3f-hcfr / RUSTSEC-2021-0145
- Warn: Project is vulnerable to: RUSTSEC-2024-0375
- Warn: Project is vulnerable to: RUSTSEC-2023-0081
- Warn: Project is vulnerable to: GHSA-wcg3-cvx6-7396 / RUSTSEC-2020-0071
- Warn: Project is vulnerable to: GHSA-fg7r-2g4j-5cgr / RUSTSEC-2021-0124
- Warn: Project is vulnerable to: GHSA-4q83-7cq4-p6wg / RUSTSEC-2023-0005
- Warn: Project is vulnerable to: GHSA-8r3f-844c-mc37 / GO-2024-2611
- Warn: Project is vulnerable to: RUSTSEC-2021-0141
- Warn: Project is vulnerable to: GHSA-2326-pfpj-vx3h
- Warn: Project is vulnerable to: RUSTSEC-2023-0086
- Warn: Project is vulnerable to: RUSTSEC-2024-0320
- Warn: Project is vulnerable to: GHSA-7v5v-9h63-cj86
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-wrw9-m778-g6mc
- Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
- Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-22r3-9w55-cj54
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g
- Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
- Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
- Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Score
5.8
/10
Last Scanned on 2024-10-05T02:48:54Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More