mcplist
AM

A Model Context Protocol (MCP) server that can help pin 3rd party dependencies to immutable digests.

Created 3 months ago

A Model Context Protocol (MCP) server that can help pin 3rd party dependencies to immutable digests.

Visit Homepage
development documentation public

What is A Model Context Protocol (MCP) server that can help pin 3rd party dependencies to immutable digests.?

Pinner MCP is a Model Context Protocol (MCP) server that can help pin 3rd party dependencies to immutable digests. Supported dependency types include Docker base images and GitHub Actions. It runs as a container with stdio transport and allows users to pin specific commit hashes and update pinned versions of container base images.

Documentation

Pinner MCP 📍

A Model Context Protocol (MCP) server that can help pin 3rd party dependencies to immutable digests. Supported dependency types include:

  • Docker base images
  • GitHub Actions

Pinner MCP

📦 Usage

Run as a container with stdio transport.

docker run -it --rm ghcr.io/safedep/pinner-mcp:latest

💻 Cursor

Add the following to your .cursor/mcp.json file. You must enable the MCP server in the settings. Learn more here.

{
  "mcpServers": {
    "pinner-mcp-stdio-server": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "ghcr.io/safedep/pinner-mcp:latest"
      ]
    }
  }
}

Use a Composer prompt like the following to pin a specific commit hash.

Pin GitHub Actions to their commit hash

Pin container base images to digests

To update pinned versions, you can use a prompt like the following.

Update pinned versions of container base images

🔄 Tool Updates

Updates for the MCP server are automatically pushed to the latest tag on GitHub Container Registry. You must manually update your local container image to the latest version.

docker pull ghcr.io/safedep/pinner-mcp:latest

📚 References

  • Originally built to protect vet from malicious GitHub Actions
  • mcp-go is a great library for building MCP servers
  • Built and maintained by SafeDep Engineering

Server Config 

{
  "mcpServers": {
    "a-model-context-protocol-(mcp)-server-that-can-help-pin-3rd-party-dependencies-to-immutable-digests.-server": {
      "command": "npx",
      "args": [
        "a-model-context-protocol-(mcp)-server-that-can-help-pin-3rd-party-dependencies-to-immutable-digests."
      ]
    }
  }
}

Links & Status

Repository: github.com
Hosted: No
Global: No
Official: Yes

Project Info

Hosted Featured
Created At: Aug 08, 2025
Updated At: Aug 08, 2025
Author: SafeDep Engineering
Category: MCP Server
Tags:
development documentation public