Pinner Mcp
What is Pinner Mcp
Pinner MCP is a Model Context Protocol (MCP) server designed to pin third-party dependencies to their immutable versions, ensuring stability and security in software development.
Use cases
Use cases for Pinner MCP include pinning specific commit hashes for GitHub Actions, pinning container base images to their digests, and updating pinned versions to maintain security and stability.
How to use
To use Pinner MCP, run it as a container with the command: docker run -it --rm ghcr.io/safedep/pinner-mcp:latest. You also need to configure your .cursor/mcp.json file to enable the MCP server.
Key features
Key features of Pinner MCP include the ability to pin Docker base images and GitHub Actions to immutable digests, ensuring that the dependencies remain unchanged and secure over time.
Where to use
Pinner MCP is primarily used in software development environments where dependency management is critical, particularly in CI/CD pipelines and containerized applications.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Overview
What is Pinner Mcp
Pinner MCP is a Model Context Protocol (MCP) server designed to pin third-party dependencies to their immutable versions, ensuring stability and security in software development.
Use cases
Use cases for Pinner MCP include pinning specific commit hashes for GitHub Actions, pinning container base images to their digests, and updating pinned versions to maintain security and stability.
How to use
To use Pinner MCP, run it as a container with the command: docker run -it --rm ghcr.io/safedep/pinner-mcp:latest. You also need to configure your .cursor/mcp.json file to enable the MCP server.
Key features
Key features of Pinner MCP include the ability to pin Docker base images and GitHub Actions to immutable digests, ensuring that the dependencies remain unchanged and secure over time.
Where to use
Pinner MCP is primarily used in software development environments where dependency management is critical, particularly in CI/CD pipelines and containerized applications.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Content
Pinner MCP 📍
A Model Context Protocol (MCP) server that can help pin 3rd party dependencies to immutable digests.
Supported dependency types include:
- Docker base images
- GitHub Actions
📦 Usage
Run as a container with stdio transport.
docker run -it --rm ghcr.io/safedep/pinner-mcp:latest
💻 Cursor
Add the following to your .cursor/mcp.json file. You must enable
the MCP server in the settings. Learn more here.
{
"mcpServers": {
"pinner-mcp-stdio-server": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"ghcr.io/safedep/pinner-mcp:latest"
]
}
}
}Use a Composer prompt like the following to pin a specific commit hash.
Pin GitHub Actions to their commit hash
Pin container base images to digests
To update pinned versions, you can use a prompt like the following.
Update pinned versions of container base images
🔄 Tool Updates
Updates for the MCP server are automatically pushed to the latest tag on
GitHub Container Registry. You
must manually update your local container image to the latest version.
docker pull ghcr.io/safedep/pinner-mcp:latest
📚 References
- Originally built to protect vet from malicious GitHub Actions
- mcp-go is a great library for building MCP servers
- Built and maintained by SafeDep Engineering
Dev Tools Supporting MCP
The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.
