Pinner FAQs

Name: Pinner
Author: safedep

Question 1

What are the benefits of using Pinner?

Accepted Answer

Pinner enhances your software supply chain security by ensuring that you are using known, trusted versions of your dependencies. This mitigates the risk of malicious actors injecting harmful code through compromised or updated dependencies. It is easy to integrate with development environments such as Cursor IDE.

Question 2

How does Pinner work?

Accepted Answer

Pinner acts as a Model Context Protocol (MCP) server. It integrates with tools like Cursor IDE, allowing you to easily pin and update your dependencies using simple prompts. Pinner leverages the stdio transport for easy containerization.

Question 3

How do I integrate Pinner with Cursor IDE?

Accepted Answer

To integrate Pinner with Cursor, add the provided configuration to your `.cursor/mcp.json` file and enable the MCP server in Cursor's settings. Then, use Composer prompts like 'Pin GitHub Actions to their commit hash' to pin dependencies.

Question 4

What does Pinner do?

Accepted Answer

Pinner helps secure your software supply chain by pinning third-party dependencies, such as Docker base images and GitHub Actions, to immutable digests. This ensures that you're always using the exact version you expect, preventing unexpected changes or malicious updates.

Question 5

How do I keep Pinner updated?

Accepted Answer

Updates for Pinner are automatically pushed to the `latest` tag on GitHub Container Registry. You'll need to manually pull the latest container image using `docker pull ghcr.io/safedep/pinner-mcp:latest` to stay up-to-date with the latest security patches and features.

Pinner

About

Key Features

Use Cases