Go OCI

Open-source Go projects categorized as OCI

The Open Container Initiative (OCI) is an open governance structure for the express purpose of creating open industry standards around container formats and runtimes. Established in June 2015 by Docker and other leaders in the container industry, the OCI currently contains two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec). The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk.

Top 23 Go OCI Projects

  1. podman

    Podman: A tool for managing OCI containers and pods.

    Project mention: Replacing Kubernetes with Systemd | news.ycombinator.com | 2025-05-05

    Neat. I like to see other takes on this. Any reason to use rootless vs `userns=auto`? I haven't really seen any discussion of it other than this issue: https://github.com/containers/podman/discussions/13728

  2. InfluxDB

    InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

    InfluxDB logo
  3. containerd

    An open and reliable container runtime

    Project mention: Kubernetes Without Docker: Why Container Runtimes Are Changing the Game in 2025 | dev.to | 2025-04-23

    containerd Official Site The runtime powering most cloud K8s clusters and your future mental breakdowns.

  4. gvisor

    Application Kernel for Containers

    Project mention: Kubernetes Without Docker: Why Container Runtimes Are Changing the Game in 2025 | dev.to | 2025-04-23

    gVisor: Sandboxed Container Runtime by Google For when your security team actually audits things.

  5. runc

    CLI tool for spawning and running containers according to the OCI specification

    Project mention: Securing Kubernetes: Encrypting Data at Rest with kubeadm and containerd on Amazon Linux 2023 | dev.to | 2025-04-15

    Installed runc v1.2.6 runc

  6. clair

    Vulnerability Static Analysis for Containers

    Project mention: Dockerfile Best Practices: Building Efficient and Secure Containers | dev.to | 2024-08-16

    Regularly scan your Docker images for vulnerabilities using tools like Trivy or Clair.

  7. grype

    A vulnerability scanner for container images and filesystems

    Project mention: Deep Dive 🤿: Where Does Grype Data Come From? | dev.to | 2024-11-12
  8. distribution

    The toolkit to pack, ship, store, and deliver container content

    Project mention: Automatic tag deletion for Docker registries | dev.to | 2025-05-13

    Over time, registries accumulate a lot of garbage in the form of blobs referenced by old images that are not needed anymore. Many registry implementations, such as CNCF Distribution, offer garbage-collection mechanisms to delete unreferenced blobs and free up storage space. However, for that to happen, old images (tags) referencing them have to be deleted first.

  9. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  10. buildkit

    concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit

    Project mention: Kubernetes Without Docker: Why Container Runtimes Are Changing the Game in 2025 | dev.to | 2025-04-23

    BuildKit Faster Docker Builds Build speed + cache control = win.

  11. buildah

    A tool that facilitates building OCI images.

    Project mention: A Safer Container Runtime | dev.to | 2025-03-31

    Buildah is another tool that can build OCI container images without requiring root privileges:

  12. syft

    CLI tool and library for generating a Software Bill of Materials from container images and filesystems

    Project mention: Open Source projects could sell SBoM fragments | news.ycombinator.com | 2025-02-17

    Syft (https://github.com/anchore/syft) and ScanCode (https://github.com/aboutcode-org/scancode-toolkit) are good open-source tools to generate SBOMs and search repos for licensing information — I'm curious to hear if there are reasons why those wouldn't work for enterprise purposes.

  13. cri-o

    Open Container Initiative-based implementation of Kubernetes Container Runtime Interface

    Project mention: We clone a running VM in 2 seconds | news.ycombinator.com | 2025-04-11

    Yes - using Cri-o[0] or docker checkpoint/restore api (which uses cri-o)

    [0] - https://cri-o.io/

  14. pouch

    An Efficient Enterprise-class Container Engine

  15. komiser

    Open-source cloud-environment inspector. Supporting AWS, GCP, Azure, and more! Your cloud resources will have nowhere to hide!

    Project mention: Managing Cloud Costs and Security with Tailwarden | dev.to | 2024-09-09

    Another option is a similar product offered by Tailwarden, which is open source. It will offer a few different options and the hosting part will be up to you. This is Komiser, whose code is available on Github, and which provides a Docker image.

  16. image-spec

    OCI Image Format

  17. runtime-spec

    OCI Runtime Specification

    Project mention: Building a Linux Container Runtime from Scratch | news.ycombinator.com | 2025-03-26

    Why not use any of the existing OCI Runtimes? They take well-defined[0] JSON description as input, and are pretty well-contained (single static binary). And because they are separate binaries, not libraries, you don't need to worry about things like thread safety or FD leaking.

    [0] https://github.com/opencontainers/runtime-spec/blob/main/con...

  18. spegel

    Stateless cluster local OCI registry mirror.

    Project mention: Getting Forked by Microsoft | news.ycombinator.com | 2025-04-21

    First, if Microsoft used any of the Spegel code then it should provide proper attribution. A best practice is to put the LICENSE file in the root of project (both peerd and spegel do). But also, you need to put the license in the header of each file as a best practice. Like Microsoft did here https://github.com/Azure/peerd/blob/main/api/docs.go#L1

    spegel did not follow best practices to put the copyright in the file itself: https://github.com/spegel-org/spegel/blob/main/internal/web/...

    Ideally starting with something like this

    // SPDX-License-Identifier: MIT

  19. firecracker-containerd

    firecracker-containerd enables containerd to manage containers as Firecracker microVMs

  20. oras

    OCI registry client - managing content like artifacts, images, packages

    Project mention: Introduction to Gitless GitOps: A New OCI-Centric and Secure Architecture | dev.to | 2025-04-16

    For implementation, the OCI artifact manipulation client tool ORAS (CNCF Sandbox project) seems useful. Flux uses oras-go.

  21. zarf

    DevSecOps for Airgap & Limited-Connection Systems. https://zarf.dev/

    Project mention: Zarf: DevSecOps for Air Gap and Limited-Connection Systems | news.ycombinator.com | 2025-02-23
  22. apko

    Build OCI images from APK packages directly without Dockerfile

    Project mention: Dockerfmt: A Dockerfile Formatter | news.ycombinator.com | 2025-04-08

    kaniko <https://github.com/GoogleContainerTools/kaniko>, ko <https://github.com/ko-build/ko>, bazel <https://github.com/bazel-contrib/rules_oci>, apko <https://github.com/chainguard-dev/apko>, or other tools.

    Each of those has tradeoffs compared to Dockerfiles (I have no need for bazel, but if I did, then adding `rules_oci` might be a win-win, rather than using a Dockerfile). If I used Nix, then the Nix dockerTools would be a huge win (I don't use Nix). If I were shipping Go programs, `ko` would likely be a good baseline.

  23. zot

    zot - A scale-out production-ready vendor-neutral OCI-native container image/artifact registry (purely based on OCI Distribution Specification)

    Project mention: serverless-registry: A Docker registry backed by Workers and R2 | news.ycombinator.com | 2024-09-05

    Yeah in our case we are operating a private registry on behalf of our customers, so slightly different use-case than running your own registry for your own internal use.

    If you do want to run your own registry, there's some great OSS projects including https://github.com/project-zot/zot, https://goharbor.io/, and of course https://github.com/distribution/distribution.

  24. distribution-spec

    OCI Distribution Specification

    Project mention: Embracing Open Standards in Cloud-Native Development | dev.to | 2025-05-01

    The Open Container Initiative (OCI) defines standards for container formats and runtimes to ensure consistency and compatibility across different container tools and platforms. It encompasses:

  25. flintlock

    Lock, Stock, and Two Smoking MicroVMs. Create and manage the lifecycle of MicroVMs backed by containerd.

    Project mention: Flintlock: Lock, Stock, and Two Smoking MicroVMs | news.ycombinator.com | 2024-09-03
  26. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Go OCI discussion

Log in or Post with

Go OCI related posts

  • Automatic tag deletion for Docker registries

    3 projects | dev.to | 13 May 2025
  • Embracing Open Standards in Cloud-Native Development

    2 projects | dev.to | 1 May 2025
  • Open Container Initiative

    1 project | news.ycombinator.com | 1 May 2025
  • Kubernetes Without Docker: Why Container Runtimes Are Changing the Game in 2025

    7 projects | dev.to | 23 Apr 2025
  • Securing Kubernetes: Encrypting Data at Rest with kubeadm and containerd on Amazon Linux 2023

    4 projects | dev.to | 15 Apr 2025
  • We clone a running VM in 2 seconds

    2 projects | news.ycombinator.com | 11 Apr 2025
  • OCI Registry as Storage (ORAS): Distribute Artifacts Across OCI Registries

    1 project | news.ycombinator.com | 26 Mar 2025
  • A note from our sponsor - SaaSHub
    www.saashub.com | 17 May 2025
    SaaSHub helps you find the best software and product alternatives Learn more →

Index

What are some of the best open-source OCI projects in Go? This list will help you:

# Project Stars
1 podman 26,739
2 containerd 18,540
3 gvisor 16,456
4 runc 12,351
5 clair 10,613
6 grype 9,841
7 distribution 9,518
8 buildkit 8,724
9 buildah 7,851
10 syft 6,956
11 cri-o 5,403
12 pouch 4,642
13 komiser 4,050
14 image-spec 3,735
15 runtime-spec 3,357
16 spegel 2,655
17 firecracker-containerd 2,350
18 oras 1,725
19 zarf 1,552
20 apko 1,350
21 zot 1,218
22 distribution-spec 926
23 flintlock 832

Sponsored
InfluxDB – Built for High-Performance Time Series Workloads
InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
www.influxdata.com

Did you know that Go is
the 4th most popular programming language
based on number of references?