Spark
Sign In
MCP SafeDep Maintainer? 4.0 (1) 0
Add to Favorites

Pinner MCP Server

MCP server that helps pin third-party dependencies, such as Docker base images and GitHub Actions, to immutable digests/commit hashes for supply chain security.

claudecursorvscode-copilot DevOpsSecurity

Get this MCP server

MCP server that helps pin third-party dependencies, such as Docker base images and GitHub Actions, to immutable digests/commit hashes for supply chain security.

Installation

Docker

docker run -it --rm ghcr.io/safedep/pinner-mcp:latest

Local Build

docker build -t pinner-mcp:local .

Configuration

VS Code

{
  "servers": {
    "pinner-mcp": {
      "type": "stdio",
      "command": "docker",
      "args": ["run", "--rm", "-i", "ghcr.io/safedep/pinner-mcp:latest"]
    }
  }
}

Cursor

{
  "mcpServers": {
    "pinner-mcp-stdio-server": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "ghcr.io/safedep/pinner-mcp:latest"]
    }
  }
}

Features

  • Pin Docker base images to immutable digests
  • Pin GitHub Actions to commit hashes
  • Update pinned versions of dependencies
  • Prevent supply chain attacks

Usage Examples

Pin GitHub Actions to their commit hash

Pin container base images to digests

Update pinned versions of container base images

Notes

Updates are automatically pushed to the 'latest' tag in GitHub Container Registry. You need to manually pull updates using 'docker pull ghcr.io/safedep/pinner-mcp:latest'. Originally created to protect the 'vet' project from malicious GitHub Actions.

Comments (0)

Sign In Sign in to leave a comment.