Pinner Mcp
by
Pins third‑party dependencies—Docker base images and GitHub Actions—to immutable digests, ensuring reproducible builds and protecting against supply‑chain attacks.
Pinner Mcp Overview
Pinner Mcp
What is Pinner Mcp about?
Pinner Mcp provides an MCP server that resolves and pins external components (container base images, GitHub Actions) to their immutable versions (image digests or commit hashes). By converting mutable references to fixed identifiers, it helps maintain secure and repeatable CI/CD pipelines.
How to use Pinner Mcp?
- Run the server as a Docker container using the standard
stdiotransport:docker run -it --rm ghcr.io/safedep/pinner-mcp:latest - Configure Cursor (or any MCP‑compatible client) by adding the server definition to
.cursor/mcp.json:{ "mcpServers": { "pinner-mcp-stdio-server": { "command": "docker", "args": ["run", "--rm", "-i", "ghcr.io/safedep/pinner-mcp:latest"] } } } - Interact via prompts such as:
Pin GitHub Actions to their commit hashPin container base images to digestsUpdate pinned versions of container base images
- Update the container image when new releases are published:
docker pull ghcr.io/safedep/pinner-mcp:latest
Key features of Pinner Mcp
- Supports Docker base image digest resolution.
- Supports GitHub Actions commit‑hash pinning.
- Works with any MCP‑compatible client (e.g., Cursor).
- Simple container‑only deployment; no additional runtime dependencies.
- Automatic upstream updates via the
latesttag on GitHub Container Registry.
Use cases of Pinner Mcp
- Supply‑chain security: Freeze CI/CD dependencies to immutable versions, preventing accidental or malicious upgrades.
- Reproducible builds: Ensure builds produce identical artifacts across environments and over time.
- Compliance auditing: Track exact versions used in pipelines for regulatory or internal audits.
- Team onboarding: Provide a shared source of truth for dependency versions across developers.
FAQ from the Pinner Mcp
- Q: Do I need to rebuild the image after each pinning operation? A: No. The MCP server runs as a long‑living process; pinning requests are handled on‑the‑fly.
- Q: Can I run the server outside Docker? A: Currently the distribution is container‑based, but the underlying Go implementation can be compiled and run natively.
- Q: How are updates handled?
A: Pull the latest image tag (
docker pull ghcr.io/safedep/pinner-mcp:latest) and restart the container. - Q: Which dependency types are supported? A: Docker base images and GitHub Actions workflows.
- Q: Is authentication required? A: The server is stateless and does not require API keys; any MCP client can communicate over standard I/O.
Pinner Mcp's README
Pinner MCP 📍
A Model Context Protocol (MCP) server that can help pin 3rd party dependencies to immutable digests. Supported dependency types include:
- Docker base images
- GitHub Actions
📦 Usage
Run as a container with stdio transport.
docker run -it --rm ghcr.io/safedep/pinner-mcp:latest
💻 Cursor
Add the following to your .cursor/mcp.json file. You must enable
the MCP server in the settings. Learn more here.
{
"mcpServers": {
"pinner-mcp-stdio-server": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"ghcr.io/safedep/pinner-mcp:latest"
]
}
}
}
Use a Composer prompt like the following to pin a specific commit hash.
Pin GitHub Actions to their commit hash
Pin container base images to digests
To update pinned versions, you can use a prompt like the following.
Update pinned versions of container base images
🔄 Tool Updates
Updates for the MCP server are automatically pushed to the latest tag on
GitHub Container Registry. You
must manually update your local container image to the latest version.
docker pull ghcr.io/safedep/pinner-mcp:latest
📚 References
- Originally built to protect vet from malicious GitHub Actions
- mcp-go is a great library for building MCP servers
- Built and maintained by SafeDep Engineering
Pinner Mcp Reviews
Login Required
Please log in to share your review and rating for this MCP.
Actions
Pinner Mcp's Information
- Author
- safedep
- Category
- Development Tools
- Language
- Go
- License
- Apache License 2.0
- Stars
- 9
- Updated
- 21 days ago
Configuration
{
"mcpServers": {
"pinner-mcp-stdio-server": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"ghcr.io/safedep/pinner-mcp:latest"
]
}
}
}Configure Clients
Similar MCP Servers like Pinner Mcp
Explore related MCPs that share similar capabilities and solve comparable challenges
Zed
OfficialClientby zed-industries
A high‑performance, multiplayer code editor designed for speed and collaboration.
Everything
Officialby modelcontextprotocol
Model Context Protocol Servers
Git
Officialby modelcontextprotocol
A Model Context Protocol server for Git repository interaction and automation.
Time
Officialby modelcontextprotocol
A Model Context Protocol server that provides time and timezone conversion capabilities.
Cline
OfficialClientby cline
An autonomous coding assistant that can create and edit files, execute terminal commands, and interact with a browser directly from your IDE, operating step‑by‑step with explicit user permission.
Continue
OfficialClientby continuedev
Enables faster shipping of code by integrating continuous AI agents across IDEs, terminals, and CI pipelines, offering chat, edit, autocomplete, and customizable agent workflows.
Context7 MCP
Officialby upstash
Provides up-to-date, version‑specific library documentation and code examples directly inside LLM prompts, eliminating outdated information and hallucinated APIs.
GitHub MCP Server
by github
Connects AI tools directly to GitHub, enabling natural‑language interactions for repository browsing, issue and pull‑request management, CI/CD monitoring, code‑security analysis, and team collaboration.
Daytona
by daytonaio
Provides a secure, elastic infrastructure that creates isolated sandboxes for running AI‑generated code with sub‑90 ms startup, unlimited persistence, and OCI/Docker compatibility.