{"id":344219,"url":"https://github.com/apache/arrow","last_synced_at":"2026-05-29T00:20:36.063Z","repository":{"id":37274349,"uuid":"51905353","full_name":"apache/arrow","owner":"apache","description":"Apache Arrow is the universal columnar format and multi-language toolbox for fast data interchange and in-memory analytics","archived":false,"fork":false,"pushed_at":"2025-10-17T09:36:11.000Z","size":216847,"stargazers_count":16075,"open_issues_count":4659,"forks_count":3876,"subscribers_count":345,"default_branch":"main","last_synced_at":"2025-10-19T09:03:57.403Z","etag":null,"topics":["arrow","parquet"],"latest_commit_sha":null,"homepage":"https://arrow.apache.org/","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apache.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE.txt","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-02-17T08:00:23.000Z","updated_at":"2025-10-19T07:35:03.000Z","dependencies_parsed_at":"2023-09-21T19:00:16.372Z","dependency_job_id":"eb82d521-fda2-4e8c-86a3-b41d5c67b1f9","html_url":"https://github.com/apache/arrow","commit_stats":{"total_commits":17076,"total_committers":1249,"mean_commits":"13.671737389911929","dds":0.9033731553056922,"last_synced_commit":"f41f59066b79fbf59719e68ef0f908afd6c5218c"},"previous_names":[],"tags_count":142,"template":false,"template_full_name":null,"purl":"pkg:github/apache/arrow","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Farrow","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Farrow/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Farrow/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Farrow/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apache","download_url":"https://codeload.github.com/apache/arrow/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Farrow/sbom","scorecard":{"id":55500,"data":{"date":"2025-08-11","repo":{"name":"github.com/apache/arrow","commit":"0ae71f81d56bfac1968956304e965790510bfa7c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.3,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":7,"reason":"Found 22/28 approved changesets -- score normalized to 7","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/apache/.github/.github/SECURITY.md:1","Info: Found linked content: github.com/apache/.github/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/apache/.github/.github/SECURITY.md:1","Info: Found text in security policy: github.com/apache/.github/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/cpp.yml:74"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/csharp.yml:136","Info: topLevel 'contents' permission set to 'read': .github/workflows/archery.yml:50","Info: topLevel 'contents' permission set to 'read': .github/workflows/comment_bot.yml:28","Info: topLevel 'contents' permission set to 'read': .github/workflows/cpp.yml:66","Info: topLevel 'contents' permission set to 'read': .github/workflows/cpp_extra.yml:74","Info: topLevel 'contents' permission set to 'read': .github/workflows/csharp.yml:42","Info: topLevel 'contents' permission set to 'read': .github/workflows/dev.yml:35","Info: topLevel 'contents' permission set to 'read': .github/workflows/dev_pr.yml:37","Info: topLevel 'contents' permission set to 'read': .github/workflows/docs.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/docs_light.yml:34","Info: topLevel 'contents' permission set to 'read': .github/workflows/integration.yml:54","Info: topLevel 'contents' permission set to 'read': .github/workflows/issue_bot.yml:26","Info: topLevel 'contents' permission set to 'read': .github/workflows/matlab.yml:44","Info: topLevel 'contents' permission set to 'read': .github/workflows/pr_bot.yml:31","Info: topLevel 'contents' permission set to 'read': .github/workflows/pr_review_trigger.yml:22","Info: topLevel 'contents' permission set to 'read': .github/workflows/python.yml:48","Info: topLevel 'contents' permission set to 'read': .github/workflows/r.yml:58","Info: topLevel 'contents' permission set to 'read': .github/workflows/r_nightly.yml:40","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:28","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release_candidate.yml:40","Info: topLevel 'contents' permission set to 'read': .github/workflows/ruby.yml:62","Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_rc.yml:36"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: apache-arrow-21.0.0.tar.gz.asc: https://github.com/apache/arrow/releases/tag/apache-arrow-21.0.0","Info: signed release artifact: apache-arrow-21.0.0.tar.gz.asc: https://github.com/apache/arrow/releases/tag/apache-arrow-21.0.0-rc6","Info: signed release artifact: apache-arrow-21.0.0.tar.gz.asc: https://github.com/apache/arrow/releases/tag/apache-arrow-21.0.0-rc5","Info: signed release artifact: apache-arrow-21.0.0.tar.gz.asc: https://github.com/apache/arrow/releases/tag/apache-arrow-21.0.0-rc4","Info: signed release artifact: apache-arrow-21.0.0.tar.gz.asc: https://github.com/apache/arrow/releases/tag/apache-arrow-21.0.0-rc3","Warn: release artifact apache-arrow-21.0.0 does not have provenance: https://api.github.com/repos/apache/arrow/releases/233054882","Warn: release artifact apache-arrow-21.0.0-rc6 does not have provenance: https://api.github.com/repos/apache/arrow/releases/231700940","Warn: release artifact apache-arrow-21.0.0-rc5 does not have provenance: https://api.github.com/repos/apache/arrow/releases/231689096","Warn: release artifact apache-arrow-21.0.0-rc4 does not have provenance: https://api.github.com/repos/apache/arrow/releases/231668362","Warn: release artifact apache-arrow-21.0.0-rc3 does not have provenance: https://api.github.com/repos/apache/arrow/releases/231652512"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found","Info: CppLibFuzzer integration found: cpp/src/arrow/ipc/file_fuzz.cc:24","Info: CppLibFuzzer integration found: cpp/src/arrow/ipc/stream_fuzz.cc:24","Info: CppLibFuzzer integration found: cpp/src/arrow/ipc/tensor_stream_fuzz.cc:24","Info: CppLibFuzzer integration found: cpp/src/parquet/arrow/fuzz.cc:21","Info: CppLibFuzzer integration found: cpp/src/arrow/ipc/file_fuzz.cc:24","Info: CppLibFuzzer integration found: cpp/src/arrow/ipc/stream_fuzz.cc:24","Info: CppLibFuzzer integration found: cpp/src/arrow/ipc/tensor_stream_fuzz.cc:24","Info: CppLibFuzzer integration found: cpp/src/parquet/arrow/fuzz.cc:21"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":0,"reason":"27 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: CVE-2021-46141","Warn: Project is vulnerable to: CVE-2021-46142","Warn: Project is vulnerable to: CVE-2024-34402","Warn: Project is vulnerable to: CVE-2024-34403","Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h","Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg","Warn: Project is vulnerable to: GHSA-29gw-9793-fvw7","Warn: Project is vulnerable to: PYSEC-2015-24 / GHSA-4vwq-x64q-j4cj","Warn: Project is vulnerable to: PYSEC-2017-46 / GHSA-66gw-5xpf-gfp5","Warn: Project is vulnerable to: PYSEC-2015-25 / GHSA-92mr-v722-f48m","Warn: Project is vulnerable to: PYSEC-2022-12 / GHSA-pq7m-3gw7-gq5x","Warn: Project is vulnerable to: PYSEC-2017-47","Warn: Project is vulnerable to: PYSEC-2020-73","Warn: Project is vulnerable to: PYSEC-2018-34 / GHSA-2fc2-6r4j-p65h","Warn: Project is vulnerable to: PYSEC-2021-856 / GHSA-5545-2q6w-2gh6","Warn: Project is vulnerable to: PYSEC-2019-108 / GHSA-9fq2-x9r6-wfmf","Warn: Project is vulnerable to: PYSEC-2018-33 / GHSA-cw6w-4rcx-xphc","Warn: Project is vulnerable to: PYSEC-2021-857 / GHSA-f7c7-j99h-c22f","Warn: Project is vulnerable to: GHSA-fpfv-jqm9-f5jm","Warn: Project is vulnerable to: PYSEC-2017-1 / GHSA-frgw-fgh6-9g52","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-cx63-2mw6-8hw5","Warn: Project is vulnerable to: PYSEC-2022-43012 / GHSA-r9hx-vwmv-q579","Warn: Project is vulnerable to: PYSEC-2022-43017 / GHSA-qwmp-2cf2-g9g6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: (( can only be used to open an arithmetic cmd: ci/docker/python-wheel-windows-test-vs2022-base.dockerfile:47-48","Info: Possibly incomplete results: error parsing shell code: \"if \u003ccond\u003e\" must be followed by \"then\": ci/docker/python-wheel-windows-test-vs2022.dockerfile:30-34","Info: Possibly incomplete results: error parsing shell code: (( can only be used to open an arithmetic cmd: ci/docker/python-wheel-windows-vs2022-base.dockerfile:81-82","Info: Possibly incomplete results: error parsing shell code: \"if \u003ccond\u003e\" must be followed by \"then\": ci/docker/python-wheel-windows-vs2022.dockerfile:26-30","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/archery.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/archery.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/archery.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/archery.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cpp.yml:337: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/cpp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cpp.yml:358: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/cpp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cpp.yml:434: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cpp.yml:438: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/cpp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cpp.yml:446: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/cpp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cpp.yml:468: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/cpp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cpp.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/cpp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cpp.yml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/cpp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cpp.yml:221: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/cpp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cpp.yml:238: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/cpp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cpp.yml:253: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/cpp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/csharp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/csharp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/csharp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/csharp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/csharp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/csharp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/csharp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/csharp.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/dev.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/dev.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_light.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/docs_light.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/integration.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/matlab.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/matlab.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/matlab.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/matlab.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/matlab.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/matlab.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/matlab.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/matlab.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/matlab.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/matlab.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/matlab.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/matlab.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/matlab.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/matlab.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/matlab.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/matlab.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/matlab.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/matlab.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/matlab.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/matlab.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/matlab.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/matlab.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/matlab.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/matlab.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python.yml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/r.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/r.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/r.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/r.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/r.yml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/r.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/r.yml:266: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/r.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/r.yml:281: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/r.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/r.yml:291: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/r.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/r.yml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/r.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/r.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/r.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/r_nightly.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/r_nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/r_nightly.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/r_nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release_candidate.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/release_candidate.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/ruby.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ruby.yml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/ruby.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby.yml:265: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/ruby.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby.yml:289: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/ruby.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby.yml:392: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/ruby.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/arrow/ruby.yml/main?enable=pin","Warn: containerImage not pinned by hash: ci/docker/almalinux-8-verify-rc.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/alpine-linux-3.22-cpp.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/centos-7-cpp.dockerfile:18: pin your Docker image by updating centos:centos7 to centos:centos7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4","Warn: containerImage not pinned by hash: ci/docker/conda-cpp.dockerfile:20","Warn: containerImage not pinned by hash: ci/docker/conda-integration.dockerfile:20","Warn: containerImage not pinned by hash: ci/docker/conda-python-cpython-debug.dockerfile:21","Warn: containerImage not pinned by hash: ci/docker/conda-python-dask.dockerfile:21","Warn: containerImage not pinned by hash: ci/docker/conda-python-emscripten.dockerfile:21","Warn: containerImage not pinned by hash: ci/docker/conda-python-hdfs.dockerfile:21","Warn: containerImage not pinned by hash: ci/docker/conda-python-jpype.dockerfile:21","Warn: containerImage not pinned by hash: ci/docker/conda-python-pandas.dockerfile:21","Warn: containerImage not pinned by hash: ci/docker/conda-python-spark.dockerfile:21","Warn: containerImage not pinned by hash: ci/docker/conda-python.dockerfile:20","Warn: containerImage not pinned by hash: ci/docker/conda.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/debian-12-cpp.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/debian-experimental-cpp.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/fedora-42-cpp.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/linux-apt-c-glib.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/linux-apt-docs.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/linux-apt-python-3.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/linux-apt-python-313-freethreading.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/linux-apt-r.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/linux-apt-ruby.dockerfile:20","Warn: containerImage not pinned by hash: ci/docker/linux-dnf-python-3.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/linux-r.dockerfile:22","Warn: containerImage not pinned by hash: ci/docker/python-free-threaded-wheel-manylinux-test-imports.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/python-free-threaded-wheel-manylinux-test-unittests.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/python-free-threaded-wheel-musllinux-test-imports.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/python-free-threaded-wheel-musllinux-test-unittests.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/python-free-threaded-wheel-windows-test-vs2022.dockerfile:25","Warn: containerImage not pinned by hash: ci/docker/python-free-threaded-wheel-windows-vs2022.dockerfile:25","Warn: containerImage not pinned by hash: ci/docker/python-sdist.dockerfile:18: pin your Docker image by updating amd64/ubuntu:20.04 to amd64/ubuntu:20.04@sha256:efc44a68d205033006a2f924c85189d384615943d065cb255493bdc5f63060ad","Warn: containerImage not pinned by hash: ci/docker/python-wheel-manylinux-test.dockerfile:20","Warn: containerImage not pinned by hash: ci/docker/python-wheel-manylinux.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/python-wheel-musllinux-test.dockerfile:20","Warn: containerImage not pinned by hash: ci/docker/python-wheel-musllinux.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/python-wheel-windows-test-vs2022-base.dockerfile:23: pin your Docker image by updating mcr.microsoft.com/windows/servercore:ltsc2022 to mcr.microsoft.com/windows/servercore:ltsc2022@sha256:d9e1a220c13cf25c7b213fbd96df2b63671e2dba0de3909003d4bb23a8bc8a1c","Warn: containerImage not pinned by hash: ci/docker/python-wheel-windows-test-vs2022.dockerfile:25","Warn: containerImage not pinned by hash: ci/docker/python-wheel-windows-vs2022-base.dockerfile:55: pin your Docker image by updating mcr.microsoft.com/windows/servercore:ltsc2022 to mcr.microsoft.com/windows/servercore:ltsc2022@sha256:d9e1a220c13cf25c7b213fbd96df2b63671e2dba0de3909003d4bb23a8bc8a1c","Warn: containerImage not pinned by hash: ci/docker/python-wheel-windows-vs2022.dockerfile:22","Warn: containerImage not pinned by hash: ci/docker/ubuntu-22.04-cpp-minimal.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/ubuntu-22.04-cpp.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/ubuntu-22.04-csharp.dockerfile:21","Warn: containerImage not pinned by hash: ci/docker/ubuntu-22.04-verify-rc.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/ubuntu-24.04-cpp-minimal.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/ubuntu-24.04-cpp.dockerfile:19","Warn: containerImage not pinned by hash: ci/docker/ubuntu-24.04-verify-rc.dockerfile:19","Warn: containerImage not pinned by hash: cpp/examples/minimal_build/minimal.dockerfile:18: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9","Warn: containerImage not pinned by hash: cpp/examples/minimal_build/system_dependency.dockerfile:18: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9","Warn: containerImage not pinned by hash: cpp/examples/tutorial_examples/tutorial.dockerfile:18: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9","Warn: containerImage not pinned by hash: dev/release/binary/Dockerfile:18: pin your Docker image by updating debian:bookworm to debian:bookworm@sha256:731dd1380d6a8d170a695dbeb17fe0eade0e1c29f654cf0a3a07f372191c3f4b","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow-apt-source/apt/debian-bookworm/Dockerfile:18: pin your Docker image by updating debian:bookworm to debian:bookworm@sha256:731dd1380d6a8d170a695dbeb17fe0eade0e1c29f654cf0a3a07f372191c3f4b","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow-apt-source/apt/debian-trixie/Dockerfile:18: pin your Docker image by updating debian:trixie to debian:trixie@sha256:1e4c405325e536fe420082178fbb2484079f519ef46932b781af9c7d2633563f","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow-apt-source/apt/ubuntu-jammy/Dockerfile:18: pin your Docker image by updating ubuntu:jammy to ubuntu:jammy@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow-apt-source/apt/ubuntu-noble/Dockerfile:18: pin your Docker image by updating ubuntu:noble to ubuntu:noble@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow-release/yum/almalinux-10/Dockerfile:18: pin your Docker image by updating almalinux:10 to almalinux:10@sha256:43388cb75d4faaec024fdd86205b6f8b8c47ce221c2526fc6651cdf8f9926b98","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow-release/yum/almalinux-8/Dockerfile:18: pin your Docker image by updating almalinux:8 to almalinux:8@sha256:2d4abdee2caecd851d2d6591dfb2205ba18549bc080ad5377875c990331e41c4","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow-release/yum/almalinux-9/Dockerfile:18: pin your Docker image by updating almalinux:9 to almalinux:9@sha256:192e2ba3e2867b39b4bb2f689643e35353772968d9bfeb3b3c652f1a84cca3cf","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow-release/yum/amazon-linux-2023/Dockerfile:18: pin your Docker image by updating amazonlinux:2023 to amazonlinux:2023@sha256:472957840eacc161151bea727e9b7db4ca0c4fc857e870a9218e97f5c46b34e6","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow-release/yum/centos-7/Dockerfile:18: pin your Docker image by updating centos:7 to centos:7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow-release/yum/centos-9-stream/Dockerfile:18: pin your Docker image by updating quay.io/centos/centos:stream9 to quay.io/centos/centos:stream9@sha256:11e44d30c45661567009402629a7eeb3579739957fe3827d469a353d0fe1801f","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow/apt/debian-bookworm/Dockerfile:19","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow/apt/debian-trixie/Dockerfile:19","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow/apt/ubuntu-jammy/Dockerfile:19","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow/apt/ubuntu-noble/Dockerfile:19","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow/yum/almalinux-10/Dockerfile:19","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow/yum/almalinux-8/Dockerfile:19","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow/yum/almalinux-9/Dockerfile:19","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow/yum/amazon-linux-2023/Dockerfile:19","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow/yum/centos-7/Dockerfile:19","Warn: containerImage not pinned by hash: dev/tasks/linux-packages/apache-arrow/yum/centos-9-stream/Dockerfile:19","Warn: containerImage not pinned by hash: python/examples/minimal_build/Dockerfile.fedora:18: pin your Docker image by updating fedora:42 to fedora:42@sha256:3da64cb89971a1cdbc6046e307eeebcb54f7281c0a606ee48d9995473f6b88d5","Warn: containerImage not pinned by hash: python/examples/minimal_build/Dockerfile.ubuntu:18: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9","Warn: downloadThenRun not pinned by hash: ci/docker/conda-integration.dockerfile:49-50","Warn: downloadThenRun not pinned by hash: ci/docker/conda-integration.dockerfile:73","Warn: pipCommand not pinned by hash: ci/docker/conda-python-emscripten.dockerfile:35-36","Warn: pipCommand not pinned by hash: ci/docker/conda-python-emscripten.dockerfile:35-36","Warn: pipCommand not pinned by hash: ci/docker/conda-python-pandas.dockerfile:29-32","Warn: npmCommand not pinned by hash: ci/docker/linux-apt-docs.dockerfile:26-79","Warn: pipCommand not pinned by hash: ci/docker/linux-apt-docs.dockerfile:103-106","Warn: pipCommand not pinned by hash: ci/docker/linux-apt-python-3.dockerfile:27-32","Warn: pipCommand not pinned by hash: ci/docker/linux-apt-python-3.dockerfile:27-32","Warn: pipCommand not pinned by hash: ci/docker/linux-apt-r.dockerfile:91-94","Warn: pipCommand not pinned by hash: ci/docker/linux-apt-r.dockerfile:91-94","Warn: pipCommand not pinned by hash: ci/docker/linux-dnf-python-3.dockerfile:29","Warn: pipCommand not pinned by hash: ci/docker/linux-dnf-python-3.dockerfile:35-37","Warn: pipCommand not pinned by hash: ci/docker/python-free-threaded-wheel-manylinux-test-unittests.dockerfile:45-49","Warn: pipCommand not pinned by hash: ci/docker/python-free-threaded-wheel-manylinux-test-unittests.dockerfile:50","Warn: pipCommand not pinned by hash: ci/docker/python-free-threaded-wheel-manylinux-test-unittests.dockerfile:51","Warn: pipCommand not pinned by hash: ci/docker/python-free-threaded-wheel-musllinux-test-unittests.dockerfile:60-64","Warn: pipCommand not pinned by hash: ci/docker/python-free-threaded-wheel-musllinux-test-unittests.dockerfile:65","Warn: pipCommand not pinned by hash: ci/docker/python-free-threaded-wheel-musllinux-test-unittests.dockerfile:66","Warn: pipCommand not pinned by hash: ci/docker/python-sdist.dockerfile:34","Warn: pipCommand not pinned by hash: ci/docker/python-wheel-manylinux-test.dockerfile:25","Warn: pipCommand not pinned by hash: ci/docker/python-wheel-manylinux.dockerfile:117-119","Warn: pipCommand not pinned by hash: ci/docker/python-wheel-manylinux.dockerfile:122","Warn: pipCommand not pinned by hash: ci/docker/python-wheel-musllinux-test.dockerfile:35","Warn: pipCommand not pinned by hash: ci/docker/python-wheel-musllinux.dockerfile:114-116","Warn: pipCommand not pinned by hash: ci/docker/python-wheel-musllinux.dockerfile:119","Warn: chocoCommand not pinned by hash: ci/docker/python-wheel-windows-test-vs2022-base.dockerfile:53","Warn: chocoCommand not pinned by hash: ci/docker/python-wheel-windows-test-vs2022-base.dockerfile:60","Warn: chocoCommand not pinned by hash: ci/docker/python-wheel-windows-test-vs2022.dockerfile:38","Warn: chocoCommand not pinned by hash: ci/docker/python-wheel-windows-vs2022-base.dockerfile:88","Warn: chocoCommand not pinned by hash: ci/docker/python-wheel-windows-vs2022-base.dockerfile:89","Warn: chocoCommand not pinned by hash: ci/docker/python-wheel-windows-vs2022.dockerfile:33","Warn: pipCommand not pinned by hash: python/examples/minimal_build/Dockerfile.fedora:33","Warn: npmCommand not pinned by hash: ci/scripts/install_azurite.sh:37","Warn: chocoCommand not pinned by hash: ci/scripts/install_azurite.sh:41","Warn: npmCommand not pinned by hash: ci/scripts/install_azurite.sh:42","Warn: npmCommand not pinned by hash: ci/scripts/install_azurite.sh:45","Warn: downloadThenRun not pinned by hash: ci/scripts/install_conda.sh:38","Warn: pipCommand not pinned by hash: ci/scripts/install_dask.sh:30","Warn: pipCommand not pinned by hash: ci/scripts/install_dask.sh:31","Warn: pipCommand not pinned by hash: ci/scripts/install_dask.sh:33","Warn: pipCommand not pinned by hash: ci/scripts/install_dask.sh:35","Warn: pipCommand not pinned by hash: ci/scripts/install_dask.sh:40","Warn: pipCommand not pinned by hash: ci/scripts/install_numba.sh:38","Warn: pipCommand not pinned by hash: ci/scripts/install_numba.sh:40","Warn: pipCommand not pinned by hash: ci/scripts/install_numba.sh:42","Warn: pipCommand not pinned by hash: ci/scripts/install_numpy.sh:30","Warn: pipCommand not pinned by hash: ci/scripts/install_numpy.sh:32","Warn: pipCommand not pinned by hash: ci/scripts/install_pandas.sh:31","Warn: pipCommand not pinned by hash: ci/scripts/install_pandas.sh:33","Warn: pipCommand not pinned by hash: ci/scripts/install_pandas.sh:35","Warn: pipCommand not pinned by hash: ci/scripts/install_pandas.sh:39","Warn: pipCommand not pinned by hash: ci/scripts/install_pandas.sh:41","Warn: pipCommand not pinned by hash: ci/scripts/install_pandas.sh:43","Warn: pipCommand not pinned by hash: ci/scripts/install_pandas.sh:45","Warn: pipCommand not pinned by hash: ci/scripts/integration_arrow.sh:36","Warn: pipCommand not pinned by hash: ci/scripts/integration_arrow.sh:42","Warn: pipCommand not pinned by hash: ci/scripts/integration_arrow.sh:45","Warn: pipCommand not pinned by hash: ci/scripts/integration_skyhook.sh:126","Warn: pipCommand not pinned by hash: ci/scripts/python_benchmark.sh:26","Warn: pipCommand not pinned by hash: ci/scripts/python_wheel_macos_build.sh:55","Warn: pipCommand not pinned by hash: ci/scripts/python_wheel_macos_build.sh:58","Warn: pipCommand not pinned by hash: ci/scripts/python_wheel_macos_build.sh:60","Warn: pipCommand not pinned by hash: ci/scripts/python_wheel_macos_build.sh:64","Warn: pipCommand not pinned by hash: ci/scripts/python_wheel_unix_test.sh:62","Warn: pipCommand not pinned by hash: ci/scripts/python_wheel_unix_test.sh:105","Warn: pipCommand not pinned by hash: dev/conbench_envs/hooks.sh:42","Warn: pipCommand not pinned by hash: dev/conbench_envs/hooks.sh:78","Warn: npmCommand not pinned by hash: dev/release/setup-rhel-rebuilds.sh:52","Warn: pipCommand not pinned by hash: dev/release/verify-release-candidate.sh:470","Warn: pipCommand not pinned by hash: dev/release/verify-release-candidate.sh:479","Warn: pipCommand not pinned by hash: dev/release/verify-release-candidate.sh:613","Warn: pipCommand not pinned by hash: dev/release/verify-release-candidate.sh:644","Warn: pipCommand not pinned by hash: dev/release/verify-release-candidate.sh:751","Warn: pipCommand not pinned by hash: dev/release/verify-release-candidate.sh:940","Warn: pipCommand not pinned by hash: dev/release/verify-release-candidate.sh:991","Warn: downloadThenRun not pinned by hash: python/examples/minimal_build/build_conda.sh:39","Warn: pipCommand not pinned by hash: python/examples/minimal_build/build_conda.sh:101","Warn: pipCommand not pinned by hash: python/examples/minimal_build/build_venv.sh:37","Warn: pipCommand not pinned by hash: python/examples/minimal_build/build_venv.sh:38","Warn: pipCommand not pinned by hash: python/examples/minimal_build/build_venv.sh:73","Warn: pipCommand not pinned by hash: python/examples/minimal_build/build_venv.sh:77","Warn: pipCommand not pinned by hash: .github/workflows/archery.yml:73","Warn: pipCommand not pinned by hash: .github/workflows/archery.yml:75","Warn: pipCommand not pinned by hash: .github/workflows/archery.yml:76","Warn: pipCommand not pinned by hash: .github/workflows/comment_bot.yml:50","Warn: pipCommand not pinned by hash: .github/workflows/cpp.yml:135","Warn: pipCommand not pinned by hash: .github/workflows/cpp.yml:138","Warn: pipCommand not pinned by hash: .github/workflows/cpp_extra.yml:156","Warn: pipCommand not pinned by hash: .github/workflows/csharp.yml:182","Warn: pipCommand not pinned by hash: .github/workflows/dev.yml:108","Warn: pipCommand not pinned by hash: .github/workflows/docs.yml:60","Warn: pipCommand not pinned by hash: .github/workflows/docs_light.yml:67","Warn: pipCommand not pinned by hash: .github/workflows/integration.yml:113","Warn: pipCommand not pinned by hash: .github/workflows/pr_bot.yml:90","Warn: pipCommand not pinned by hash: .github/workflows/python.yml:122","Warn: pipCommand not pinned by hash: .github/workflows/python.yml:199","Warn: pipCommand not pinned by hash: .github/workflows/python.yml:236","Warn: pipCommand not pinned by hash: .github/workflows/r.yml:163","Warn: pipCommand not pinned by hash: .github/workflows/r.yml:104","Warn: pipCommand not pinned by hash: .github/workflows/r_nightly.yml:70","Warn: pipCommand not pinned by hash: .github/workflows/ruby.yml:100","Warn: pipCommand not pinned by hash: .github/workflows/verify_rc.yml:165","Info:  63 out of 109 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of  14 third-party GitHubAction dependencies pinned","Info:   0 out of   5 npmCommand dependencies pinned","Info:   0 out of   7 chocoCommand dependencies pinned","Info:   0 out of  73 containerImage dependencies pinned","Info:   0 out of   4 downloadThenRun dependencies pinned","Info:   0 out of  87 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-15T00:39:02.399Z","repository_id":37274349,"created_at":"2025-08-15T00:39:02.399Z","updated_at":"2025-08-15T00:39:02.399Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280569061,"owners_count":26352848,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-23T02:00:06.710Z","response_time":142,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arrow","parquet"],"created_at":"2025-03-25T20:19:22.503Z","updated_at":"2025-10-23T12:22:57.419Z","avatar_url":"https://github.com/apache.png","language":"C++","project_url":"https://opencollective.ecosyste.ms/api/v1/projects/344219","html_url":"https://opencollective.ecosyste.ms/projects/344219","collective":{"id":218408,"uuid":"mlo94zn7-x08dpo08-ejepewga-3vjbrky5","slug":"friends-of-grails","name":"Friends of Apache Grails","description":"Supports activities within the Apache Grails Framework community","website":"","github":"apache","twitter":null,"repository_url":null,"social_links":[{"type":"GITHUB","url":"https://github.com/apache?q=grails-\u0026type=all\u0026language=\u0026sort=#org-profile-repositories"}],"currency":"USD","projects_count":2868,"last_synced_at":"2026-05-29T18:15:24.028Z","created_at":"2024-06-28T00:00:13.465Z","updated_at":"2026-05-29T18:15:25.024Z","transactions_count":null,"balance":3462.6600000000044,"account_type":"COLLECTIVE","owner":{"login":"apache","name":"The Apache Software Foundation","uuid":"47359","kind":"organization","description":"","email":null,"website":"https://www.apache.org/","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/47359?v=4","repositories_count":2832,"last_synced_at":"2025-12-08T20:34:27.907Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/apache","funding_links":[],"total_stars":1291846,"followers":20759,"following":0,"created_at":"2022-11-02T16:23:23.532Z","updated_at":"2025-12-08T20:34:27.907Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apache","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apache/repositories"},"last_project_activity_at":"2026-05-20T09:06:53.000Z","archived":false,"no_funding":false,"no_license":false,"host":"opensource","collective_created_at":"2024-06-27T17:49:15.785Z","collective_updated_at":"2025-08-22T19:21:14.226Z","html_url":"https://opencollective.com/friends-of-grails","icon_url":"https://images.opencollective.com/friends-of-grails/logo/40.png","total_donations":3462.66,"total_expenses":-607.3400000000004,"current_balance":3462.6600000000044,"api_url":"https://opencollective.ecosyste.ms/api/v1/collectives/friends-of-grails","url":"https://opencollective.ecosyste.ms/collectives/friends-of-grails","projects_url":"https://opencollective.ecosyste.ms/api/v1/collectives/friends-of-grails/projects"}}