SaaSHub helps you find the best software and product alternatives Learn more →
Top 23 Go OCI Projects
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
-
komiser
Open-source cloud-environment inspector. Supporting AWS, GCP, Azure, and more! Your cloud resources will have nowhere to hide!
-
firecracker-containerd
firecracker-containerd enables containerd to manage containers as Firecracker microVMs
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Example of why: https://github.com/containers/podman/issues/5102#issuecommen...
Project mention: Exploring 5 Docker Alternatives: Containerization Choices for 2024 | dev.to | 2024-03-18Containerd and nerdctl
Isn't gVisor kind of this as well?
"gVisor is an application kernel for containers. It limits the host kernel surface accessible to the application while still giving the application access to all the features it expects. Unlike most kernels, gVisor does not assume or require a fixed set of physical resources; instead, it leverages existing host kernel functionality and runs as a normal process. In other words, gVisor implements Linux by way of Linux."
https://github.com/google/gvisor
I can speak to this. Containers, and by extension k8s, break a well known security boundary that has existed for a very long time - whether you are using a real (hardware) server or a virtual machine on the cloud if you pop that instance/server generally speaking you only have access to that server. Yeh, you might find a db config with connection details if you landed on say a web app host but in general you still have to work to start popping the next N servers.
That's not the case when you are running in k8s and the last container breakout was just announced ~1 month ago: https://github.com/opencontainers/runc/security/advisories/G... .
At the end of the day it is simply not a security boundary. It can solve other problems but not security ones.
Project mention: I looked through attacks in my access logs. Here's what I found | news.ycombinator.com | 2024-01-28Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.
https://github.com/quay/clair
https://github.com/anchore/grype/
For the task of building the graph image, my first idea was to rely on buildah. In fact, our design was already heavily relying on containers/image for all things regarding copying images from one registry to the other, or from one registry to an archive. The obvious choice was to use the same suite of modules in order to keep dependencies to a minimum.
Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.
Kubernetes on the backend used to utilize docker for much of its container runtime solutions. One of the modular features of Kubernetes is the ability to utilize a Container Runtime Interface or CRI. The problem was that Docker didn't really meet the spec properly and they had to maintain a shim to translate properly. Instead users could utilize the popular containerd or cri-o runtimes. These follow the Open Container Initiative or OCI's guidelines on container formats.
Project mention: Komiser – Your cloud resources will have nowhere to hide | news.ycombinator.com | 2023-10-17
A buildpack is a software, designed to transform application source code into executable (OCI) images that can run on a variety of cloud platforms. At its core, a buildpack is a directory that includes a specific file named buildpack.toml. This file contains metadata and configuration details that dictate how the buildpack should behave. Buildpacks in simple terms, is a set of standards defining how the different steps that are required to build a compliant container image can be automated. Using those standards, there are projects that have been built round enabling that using an CLI or an API. The most common way of doing that is through the Cloud Native Buildpacks' Pack project. Pack is a CLI command that can run in the same system the developers are using to actually go through creating a Dockerfile.
> Well, no. When people say "containers", they always mean "Docker".
Not really/necessarily. https://github.com/opencontainers/runtime-spec
My team is working on multi-cloud AWS Bottlerocket remix (Azure, GCP) with opt-in support for [firecracker-containerd](https://github.com/firecracker-microvm/firecracker-containerd) for our in-house CNCF distro, investigating microkernels applicability (tldr; they are not production-ready). We test kubernetes compat and migration plans for over 40+ cherry-picked solutions, and facing numerous compat issues for every k8s update. We do have support for Container Managed Control Planes described above, as well.
apko allows us to build OCI container images from .apk packages.
Project mention: The transitory nature of MLOps: Advocating for DevOps/MLOps coalescence | dev.to | 2024-03-25Back in 2013, a little company called Docker made it really easy to start using containers to package up applications. A big key to their success was the OCI (you can learn about that here), an industry wide initiative to have standards around how we package up our applications. Because of OCI standards, we have hundreds (maybe thousands?) of tools that can be combined to manage and deploy applications. So why aren’t we using this for packaging up Notebooks and AI models as well? It would make deploying, sharing, and managing our models easier for everyone involved.
Go OCI related posts
- Understanding Buildpacks in Cloud Native Buildpacks
- ARM vs x86 em Docker
- The transitory nature of MLOps: Advocating for DevOps/MLOps coalescence
- Exploring 5 Docker Alternatives: Containerization Choices for 2024
- Distribute Artifacts Across OCI Registries
- The Road To Kubernetes: How Older Technologies Add Up
- Several container breakouts due to internally leaked fds
-
A note from our sponsor - SaaSHub
www.saashub.com | 24 Apr 2024
Index
What are some of the best open-source OCI projects in Go? This list will help you:
Project | Stars | |
---|---|---|
1 | podman | 21,645 |
2 | containerd | 16,292 |
3 | gvisor | 15,066 |
4 | runc | 11,407 |
5 | clair | 10,030 |
6 | distribution | 8,379 |
7 | buildkit | 7,655 |
8 | grype | 7,623 |
9 | buildah | 6,986 |
10 | syft | 5,451 |
11 | cri-o | 5,013 |
12 | pouch | 4,611 |
13 | komiser | 3,844 |
14 | image-spec | 3,247 |
15 | runtime-spec | 3,082 |
16 | firecracker-containerd | 2,047 |
17 | oras | 1,250 |
18 | zarf | 1,165 |
19 | apko | 1,055 |
20 | spegel | 791 |
21 | runq | 789 |
22 | distribution-spec | 735 |
23 | terraform-provider-oci | 723 |
Sponsored