Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codecov.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codecov.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/codecov.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codecov.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-website.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/deploy-website.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-website.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/deploy-website.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-website.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/deploy-website.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/tests.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/jaredwray/keyv/tests.yaml/main?enable=pin
Warn: containerImage not pinned by hash: packages/postgres/Dockerfile.ssl:1: pin your Docker image by updating postgres:latest to postgres:latest@sha256:3962158596daaef3682838cc8eb0e719ad1ce520f88e34596ce8d5de1b6330a1
Warn: npmCommand not pinned by hash: .github/workflows/codecov.yaml:25
Warn: npmCommand not pinned by hash: .github/workflows/deploy-website.yml:27
Warn: npmCommand not pinned by hash: .github/workflows/tests.yaml:28
Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 2 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 0 out of 3 npmCommand dependencies pinned