Pinner MCP
Integrate FlowHunt with Pinner MCP to automate and secure your dependency management. Pin Docker base images and GitHub Actions to immutable digests, ensuring r...
4 min read
AI
Automation
+5
What does “Pinner” MCP Server do?
The Pinner MCP Server is a Model Context Protocol (MCP) server designed to help developers pin third-party dependencies—specifically Docker base images and GitHub Actions—to their immutable digests. By ensuring that dependencies are referenced by an exact, unchangeable version, Pinner helps enhance supply chain security and reproducibility in software projects. This server acts as a bridge between AI assistants and external systems, enabling automated workflows for dependency management tasks such as resolving, updating, or enforcing pinned versions. Pinner MCP is particularly useful for environments that require strict control over dependencies, supporting software reliability and development best practices.
List of Prompts
- Pin GitHub Actions to their commit hash
Use this prompt template to automatically convert GitHub Actions workflow references to their specific commit hashes. - Pin container base images to digests
This prompt ensures Docker base images are referenced using their immutable digests rather than tags. - Update pinned versions of container base images
A workflow prompt to update Docker base images to their latest digests where appropriate.
Ready to grow your business?
Start your free trial today and see results within days.
List of Resources
No explicit resource primitives are detailed in the repository or documentation.
List of Tools
No direct tool definitions found in the available code or documentation.
Join our newsletter
Get latest tips, trends, and deals for free.
Use Cases of this MCP Server
- Enforcing Immutable Dependencies
Automatically update CI/CD configurations to use immutable digests for Docker images and GitHub Actions, reducing the risk of supply chain attacks. - Automated Dependency Pinning
Streamline code reviews and merges by ensuring all third-party actions and images are pinned, improving reproducibility. - Continuous Compliance
Integrate with development workflows to regularly audit and update dependency pins, helping teams maintain compliance with internal or external security policies. - Collaborative Codebase Maintenance
Enable AI assistants to assist developers by suggesting or applying pinning best practices across repositories. - Security Hardening for DevOps
Reduce drift and unintended updates in build environments by strictly controlling dependency versions.
How to set it up
Windsurf
No explicit Windsurf setup details provided.
Claude
No explicit Claude setup details provided.
Cursor
- Ensure you have Docker installed and can run containers.
- Open (or create)
.cursor/mcp.jsonin your project. - Add the following JSON snippet to define the Pinner MCP server:
{ "mcpServers": { "pinner-mcp-stdio-server": { "command": "docker", "args": [ "run", "--rm", "-i", "ghcr.io/safedep/pinner-mcp:latest" ] } } } - Enable the MCP server in Cursor’s settings.
- Save the configuration and restart Cursor if needed.
Securing API Keys
No API key requirements are specified for Pinner MCP. If needed, you would typically use an env section to pass environment variables. Example:
{
"mcpServers": {
"pinner-mcp-stdio-server": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"ghcr.io/safedep/pinner-mcp:latest"
],
"env": {
"API_KEY": "${env:PINNER_API_KEY}"
},
"inputs": {}
}
}
}
Cline
No explicit Cline setup details provided.
How to use this MCP inside flows
Using MCP in FlowHunt
To integrate MCP servers into your FlowHunt workflow, start by adding the MCP component to your flow and connecting it to your AI agent:
Click on the MCP component to open the configuration panel. In the system MCP configuration section, insert your MCP server details using this JSON format:
{
"pinner-mcp": {
"transport": "streamable_http",
"url": "https://yourmcpserver.example/pathtothemcp/url"
}
}
Once configured, the AI agent is now able to use this MCP as a tool with access to all its functions and capabilities. Remember to change “MCP-name” to whatever the actual name of your MCP server is (e.g., “pinner-mcp”) and replace the URL with your own MCP server URL.
Overview
| Section | Availability | Details/Notes |
|---|---|---|
| Overview | ✅ | |
| List of Prompts | ✅ | 3 prompt templates described in README |
| List of Resources | ⛔ | Not specified |
| List of Tools | ⛔ | Not specified |
| Securing API Keys | ⛔ | Not required or not described |
| Sampling Support (less important in evaluation) | ⛔ | Not specified |
Based on the tables above, the Pinner MCP Server provides a clear and valuable workflow for pinning dependencies but lacks detailed documentation about its resources, tools, and advanced MCP features. Its strong README and practical use case focus are strengths, but it could benefit from richer protocol-level detail and broader platform support documentation.
MCP Score
| Has a LICENSE | ✅ (Apache-2.0) |
|---|---|
| Has at least one tool | ⛔ |
| Number of Forks | 3 |
| Number of Stars | 9 |
Rating:
I would rate this MCP server a 4/10 for protocol completeness. It provides a clear purpose and usage for dependency pinning, but is missing documentation and explicit implementation of MCP resources, tools, and advanced features like roots or sampling. It is practical and open source, but not fully documented as a generic MCP server implementation.
