Happy slice of mcp pizzaMCP.pizza
Fire in da houseTop Tip:Paying $100+ per month for Perplexity, MidJourney, Runway, ChatGPT and other tools is crazy - get all your AI tools in one site starting at $15 per month with Galaxy AI Fire in da houseCheck it out free

pinner-mcp

MCP.Pizza Chef: safedep

Pinner MCP is a Model Context Protocol server designed to pin third-party dependencies such as Docker base images and GitHub Actions to their immutable digests or commit hashes. This ensures reproducible and secure builds by locking dependencies to specific, unchanging versions. It runs as a container and integrates easily with MCP-enabled environments like Cursor, enabling automated version pinning workflows.

Use This MCP server To

Pin Docker base images to immutable digests Lock GitHub Actions to specific commit hashes Ensure reproducible builds by fixing dependency versions Automate dependency version pinning in CI/CD pipelines Integrate with MCP-enabled tools for seamless context updates

README

Pinner MCP 📍

A Model Context Protocol (MCP) server that can help pin 3rd party dependencies to immutable digests. Supported dependency types include:

  • Docker base images
  • GitHub Actions

Pinner MCP

📦 Usage

Run as a container with stdio transport.

docker run -it --rm ghcr.io/safedep/pinner-mcp:latest

💻 Cursor

Add the following to your .cursor/mcp.json file. You must enable the MCP server in the settings. Learn more here.

{
  "mcpServers": {
    "pinner-mcp-stdio-server": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "ghcr.io/safedep/pinner-mcp:latest"
      ]
    }
  }
}

Use a Composer prompt like the following to pin a specific commit hash.

Pin GitHub Actions to their commit hash

Pin container base images to digests

To update pinned versions, you can use a prompt like the following.

Update pinned versions of container base images

🔄 Tool Updates

Updates for the MCP server are automatically pushed to the latest tag on GitHub Container Registry. You must manually update your local container image to the latest version.

docker pull ghcr.io/safedep/pinner-mcp:latest

📚 References

  • Originally built to protect vet from malicious GitHub Actions
  • mcp-go is a great library for building MCP servers
  • Built and maintained by SafeDep Engineering

pinner-mcp FAQ

How do I run the pinner-mcp server?
Run it as a Docker container using the command: docker run -it --rm ghcr.io/safedep/pinner-mcp:latest.
What types of dependencies can pinner-mcp pin?
It supports pinning Docker base images and GitHub Actions to immutable digests or commit hashes.
How do I integrate pinner-mcp with my MCP client?
Add the pinner-mcp server configuration to your .cursor/mcp.json file and enable it in your MCP client settings.
Can pinner-mcp update pinned versions automatically?
Yes, you can use specific prompts to update pinned versions as part of your workflow.
Is pinner-mcp limited to Docker and GitHub Actions?
Currently, it supports these two dependency types, but it may be extended to others in the future.
What transport protocol does pinner-mcp use?
It uses stdio transport when run as a container.
Can pinner-mcp be used in CI/CD pipelines?
Yes, it is designed to automate dependency pinning, making it ideal for CI/CD integration.