Pinner MCP
by SafeDep
Pinner MCP is a Model Context Protocol (MCP) server designed to help pin 3rd party dependencies to immutable digests. It supports dependency types such as Docker base images and GitHub Actions.
Last updated: N/A
What is Pinner MCP?
Pinner MCP is a Model Context Protocol (MCP) server that helps secure your software supply chain by pinning 3rd party dependencies to immutable digests, ensuring that you are always using the exact versions you intend.
How to use Pinner MCP?
Pinner MCP can be run as a container using Docker. It integrates with tools like Cursor via the Model Context Protocol. Configuration involves adding the server details to your .cursor/mcp.json file and using specific prompts to pin or update dependency versions.
Key features of Pinner MCP
Pins Docker base images to digests
Pins GitHub Actions to commit hashes
Integrates with Cursor via MCP
Automated updates via GitHub Container Registry
Enhances supply chain security
Use cases of Pinner MCP
Securing software supply chains
Preventing malicious dependency attacks
Ensuring reproducible builds
Automating dependency version management
Integrating with AI-powered code editors like Cursor
FAQ from Pinner MCP
What dependency types are supported?
What dependency types are supported?
Currently, Pinner MCP supports Docker base images and GitHub Actions.
How do I update Pinner MCP?
How do I update Pinner MCP?
Updates are automatically pushed to the latest tag on GitHub Container Registry. You need to manually update your local container image using docker pull ghcr.io/safedep/pinner-mcp:latest.
How does Pinner MCP integrate with Cursor?
How does Pinner MCP integrate with Cursor?
Pinner MCP integrates with Cursor via the Model Context Protocol (MCP). You need to configure the server in your .cursor/mcp.json file.
What is the purpose of pinning dependencies?
What is the purpose of pinning dependencies?
Pinning dependencies to immutable digests ensures that you are always using the exact versions you intend, preventing malicious actors from injecting vulnerabilities through dependency updates.
Where can I find more information about MCP?
Where can I find more information about MCP?
You can find more information about MCP in the Cursor documentation: https://docs.cursor.com/context/model-context-protocol#what-is-mcp