Pinner MCP Server
MCP server that helps pin third-party dependencies, such as Docker base images and GitHub Actions, to immutable digests/commit hashes for supply chain security.
Get this MCP server
MCP server that helps pin third-party dependencies, such as Docker base images and GitHub Actions, to immutable digests/commit hashes for supply chain security.
Installation
Docker
docker run -it --rm ghcr.io/safedep/pinner-mcp:latest
Local Build
docker build -t pinner-mcp:local .
Configuration
VS Code
{
"servers": {
"pinner-mcp": {
"type": "stdio",
"command": "docker",
"args": ["run", "--rm", "-i", "ghcr.io/safedep/pinner-mcp:latest"]
}
}
}
Cursor
{
"mcpServers": {
"pinner-mcp-stdio-server": {
"command": "docker",
"args": ["run", "--rm", "-i", "ghcr.io/safedep/pinner-mcp:latest"]
}
}
}
Features
- Pin Docker base images to immutable digests
- Pin GitHub Actions to commit hashes
- Update pinned versions of dependencies
- Prevent supply chain attacks
Usage Examples
Pin GitHub Actions to their commit hash
Pin container base images to digests
Update pinned versions of container base images
Notes
Updates are automatically pushed to the 'latest' tag in GitHub Container Registry. You need to manually pull updates using 'docker pull ghcr.io/safedep/pinner-mcp:latest'. Originally created to protect the 'vet' project from malicious GitHub Actions.