Open-source Go projects categorized as OCI

The Open Container Initiative (OCI) is an open governance structure for the express purpose of creating open industry standards around container formats and runtimes. Established in June 2015 by Docker and other leaders in the container industry, the OCI currently contains two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec). The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk.

Top 23 Go OCI Projects

  • podman

    Podman: A tool for managing OCI containers and pods.

    Project mention: Podman not port forwarding on the mac with --host | /r/podman | 2023-09-24
  • containerd

    An open and reliable container runtime

    Project mention: Latest versions of Docker cause memory leak in MySQL 5.7 | news.ycombinator.com | 2023-09-07
  • InfluxDB

    Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

  • gvisor

    Application Kernel for Containers

    Project mention: Faster Filesystem Access with Directfs | news.ycombinator.com | 2023-07-28

    This sort of feels like seeing someone riding a bike and saying: why don’t they just get a car? The simple fact is that containers and VMs are quite different. Whether something uses VMX and friends or not is also a red herring, as gVisor also “rolls it own VMM” [1].

    [1] https://github.com/google/gvisor/tree/master/pkg/sentry/plat...

  • runc

    CLI tool for spawning and running containers according to the OCI specification

    Project mention: US Cybersecurity: The Urgent Need for Memory Safety in Software Products | news.ycombinator.com | 2023-09-21

    It's interesting that, in light of things like this, you still see large software companies adding support for new components written in non-memory safe languages (e.g. C)

    As an example Red Hat OpenShift added support for crun(https://github.com/containers/crun) this year(https://cloud.redhat.com/blog/whats-new-in-red-hat-openshift...), which is written in C as an alternative to runc, which is written in Go(https://github.com/opencontainers/runc)...

  • clair

    Vulnerability Static Analysis for Containers

    Project mention: Open source container scanning tool to find vulnerabilities and suggest best practice improvements? | /r/selfhosted | 2023-04-15

    https://github.com/quay/clair 9.4k stars, updated 17 hours ago

  • distribution

    The toolkit to pack, ship, store, and deliver container content

    Project mention: How Do I Actually Use Docker? | /r/selfhosted | 2023-04-15

    To transfer the image between your local machine and the server, you'll need a registry such as Docker Hub or GitHub Container Registry. (Technically you can compress images and distribute them as files but it's more of a headache than it's worth) There are plenty of registries that will allow you to host private images if that's a concern for you, but it will be harder to find a free/cheap solution. You can also host your own registry using the Distribution Project. But be warned that while hosting a basic registry is really easy, locking it down can be a pain because of the lack of well maintained and easy to use projects.

  • buildkit

    concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit

    Project mention: Jenkins Agents On Kubernetes | dev.to | 2023-09-04

    Now since Kubernetes works off of containerd I'll be taking a different approach on handling container builds by using nerdctl and the buildkit that comes bundled with it. I'll do this on the amd64 control plane node since it's beefier than my Raspberry Pi workers for handling builds and build related services. Go ahead and download and unpack the latest nerdctl release as of writing (make sure to check the release page in case there's a new one):

  • Mergify

    Updating dependencies is time-consuming.. Solutions like Dependabot or Renovate update but don't merge dependencies. You need to do it manually while it could be fully automated! Add a Merge Queue to your workflow and stop caring about PR management & merging. Try Mergify for free.

  • buildah

    A tool that facilitates building OCI images.

    Project mention: Podman Desktop for Java Development | /r/java | 2023-05-08

    I appreciate that podman can run daemonless, but I've gotten tired of waiting for them to implement heredoc support and have continued to use docker.

  • grype

    A vulnerability scanner for container images and filesystems

    Project mention: Scanning and remediating vulnerabilities with Grype | dev.to | 2023-08-19

    In the lab to follow, we'll see how vulnerability scanning can be conveniently achieved with Grype and how various systematic techniques can be applied to start securing our microservices at the container image level.

  • cri-o

    Open Container Initiative-based implementation of Kubernetes Container Runtime Interface

    Project mention: Creating Kubernetes Cluster With CRI-O | dev.to | 2023-07-30

    Container Runtime Interface (CRI) is one of the important parts of the Kubernetes cluster. It is a plugin interface allowing kubelet to use different container runtimes. And recently CRI-O container runtime has been announced as a CNCF Graduated project. I thought of writing a blog on CRI-O and how to set up a single-node Kubernetes cluster with Kubeadm and CRI-O.

  • syft

    CLI tool and library for generating a Software Bill of Materials from container images and filesystems

    Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22

    Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.

  • pouch

    An Efficient Enterprise-class Container Engine

  • image-spec

    OCI Image Format

    Project mention: Homelab advice | /r/kubernetes | 2023-06-04
  • runtime-spec

    OCI Runtime Specification

    Project mention: Containers - entre historia y runtimes | dev.to | 2023-04-26

    Otras iniciativas empezaron a surgir debido a la alta popularidad de los containers y debido a esto, en 2015 se crea OCI(Open Container Initiative) para definir un estandar para containers(runtimes e imagenes).

  • firecracker-containerd

    firecracker-containerd enables containerd to manage containers as Firecracker microVMs

    Project mention: Savings cost for self managed K8s? | /r/kubernetes | 2023-05-03

    My team is working on multi-cloud AWS Bottlerocket remix (Azure, GCP) with opt-in support for [firecracker-containerd](https://github.com/firecracker-microvm/firecracker-containerd) for our in-house CNCF distro, investigating microkernels applicability (tldr; they are not production-ready). We test kubernetes compat and migration plans for over 40+ cherry-picked solutions, and facing numerous compat issues for every k8s update. We do have support for Container Managed Control Planes described above, as well.

  • oras

    OCI registry client - managing content like artifacts, images, packages

    Project mention: RFC 6920: Naming Things with Hashes | news.ycombinator.com | 2023-08-22

    Interesting, I'd not known of this RFC before.

    Another example of a content-addressed data store could be OCI registries (more commonly known as container image registries). Using them to store arbitrary artefacts is quite well supported now: https://oras.land/

  • apko

    Build OCI images from APK packages directly without Dockerfile

    Project mention: Docker Is Four Things | news.ycombinator.com | 2023-08-31

    We have built something very similar to what you are describing: https://github.com/chainguard-dev/apko

  • runq

    run regular Docker images in KVM/Qemu

  • zarf

    DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/

    Project mention: Air gapped on prem install - what would you do? | /r/kubernetes | 2023-07-01

    There is a tool written for this exact scenario! (disclaimer: I am a maintainer) https://github.com/defenseunicorns/zarf . Zarf can create packages out of all of your images, Helm charts, manifests... and deploy that package w/ zero dependencies on the other side (you can even use k3s built into the default init package if you don't have a cluster). The docs do it more justice https://docs.zarf.dev/docs/zarf-overview .

  • terraform-provider-oci

    Terraform Oracle Cloud Infrastructure provider (by oracle)

    Project mention: My very first Hackathon and my first Dev.to post | dev.to | 2023-04-08

    It was time to work on the infrastructure, we already made some decisions and assumed pros and cons. I already have worked with Google Cloud and I especially love how they use Kubernetes, so I wanted to learn how I can use it in Oracle Cloud (via Terraform if possible). I use k8s and Terraform at my home lab, so it should be easy to set up the infrastructure for this project, and it was thanks to the OCI Terraform provider.

  • distribution-spec

    OCI Distribution Specification

    Project mention: Creating Kubernetes Cluster With CRI-O | dev.to | 2023-07-30

    CRI-O is a lightweight container runtime for Kubernetes. It is an implementation of Kubernetes CRI to use Open Container Initiative (OCI) compatible runtimes for running pods. It supports runc and Kata Containers as the container runtimes, but any OCI-compatible runtime can be integrated.

  • umoci

    umoci modifies Open Container images

  • runj

    runj is an experimental, proof-of-concept OCI-compatible runtime for FreeBSD jails.

    Project mention: HelloSystem: A graphical OS built on FreeBSD | news.ycombinator.com | 2023-08-26

    a couple projects underway for containers, still wip but promising.



  • SonarQube

    Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-09-24.

Go OCI related posts


What are some of the best open-source OCI projects in Go? This list will help you:

Project Stars
1 podman 19,081
2 containerd 14,852
3 gvisor 14,171
4 runc 10,755
5 clair 9,712
6 distribution 7,831
7 buildkit 7,067
8 buildah 6,528
9 grype 6,507
10 cri-o 4,751
11 syft 4,676
12 pouch 4,604
13 image-spec 2,950
14 runtime-spec 2,914
15 firecracker-containerd 1,914
16 oras 1,065
17 apko 838
18 runq 755
19 zarf 708
20 terraform-provider-oci 678
21 distribution-spec 641
22 umoci 628
23 runj 553
Static code analysis for 29 languages.
Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.