Tools
GitHub MCP Server Ships --exclude-tools Flag and SHA256-Pinned Docker Images for Production Security
GitHub's official MCP server released an update adding an --exclude-tools flag that lets operators surgically disable specific MCP tools at the server configuration level — a critical capability for production deployments where least-privilege tool exposure is required. SHA256-pinned Docker base images were added simultaneously for supply-chain integrity. These two additions directly address the most-requested enterprise security requirements for running MCP servers in production and will likely influence patterns across other MCP server implementations.
Source
↳ Follow the thread