Top 23 OCI Open-Source Projects
- docker-images: Official source of container configurations, images, and examples for Oracle products and projects
- syft: CLI tool and library for generating a Software Bill of Materials from container images and filesystems
- kata-containers: Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
- komiser: Open-source cloud-environment inspector. Supporting AWS, GCP, Azure, and more! Your cloud resources will have nowhere to hide!
- Cloud-Free-Tier-Comparison: Comparing the free tier offers of the major cloud providers like AWS, Azure, GCP, Oracle etc.
Example of why: https://github.com/containers/podman/issues/5102#issuecommen...
Project mention: Exploring 5 Docker Alternatives: Containerization Choices for 2024 | dev.to | 2024-03-18
Containerd and nerdctl
Isn't gVisor kind of this as well?
"gVisor is an application kernel for containers. It limits the host kernel surface accessible to the application while still giving the application access to all the features it expects. Unlike most kernels, gVisor does not assume or require a fixed set of physical resources; instead, it leverages existing host kernel functionality and runs as a normal process. In other words, gVisor implements Linux by way of Linux."
https://github.com/google/gvisor
Project mention: Nix is a better Docker image builder than Docker's image builder | news.ycombinator.com | 2024-03-15
I can speak to this. Containers, and by extension k8s, break a well known security boundary that has existed for a very long time - whether you are using a real (hardware) server or a virtual machine on the cloud if you pop that instance/server generally speaking you only have access to that server. Yeh, you might find a db config with connection details if you landed on say a web app host but in general you still have to work to start popping the next N servers.
That's not the case when you are running in k8s and the last container breakout was just announced ~1 month ago: https://github.com/opencontainers/runc/security/advisories/G... .
At the end of the day it is simply not a security boundary. It can solve other problems but not security ones.
Project mention: I looked through attacks in my access logs. Here's what I found | news.ycombinator.com | 2024-01-28
Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.
https://github.com/quay/clair
https://github.com/anchore/grype/
Trivy Operator: A simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, Debian, CentOS, etc.) and application dependencies (pip, npm, yarn, composer, etc.) (Alternatives: Grype, Snyk, Clair, Anchore, Twistlock)
For the task of building the graph image, my first idea was to rely on buildah. In fact, our design was already heavily relying on containers/image for all things regarding copying images from one registry to the other, or from one registry to an archive. The obvious choice was to use the same suite of modules in order to keep dependencies to a minimum.
Project mention: Is there an image that i can deploy and install java on, and run java app? | /r/docker | 2023-06-18
Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22
Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.
Kubernetes on the backend used to utilize docker for much of its container runtime solutions. One of the modular features of Kubernetes is the ability to utilize a Container Runtime Interface or CRI. The problem was that Docker didn't really meet the spec properly and they had to maintain a shim to translate properly. Instead users could utilize the popular containerd or cri-o runtimes. These follow the Open Container Initiative or OCI's guidelines on container formats.
Project mention: Komiser – Your cloud resources will have nowhere to hide | news.ycombinator.com | 2023-10-17
A buildpack is software designed to transform application source code into executable (OCI) images that can run on a variety of cloud platforms. At its core, a buildpack is a directory that includes a specific file named buildpack.toml. This file contains metadata and configuration details that dictate how the buildpack should behave. Buildpacks, in simple terms, are a set of standards defining how the different steps that are required to build a compliant container image can be automated. Using those standards, there are projects that have been built around enabling that using a CLI or an API. The most common way of doing that is through the Cloud Native Buildpacks' Pack project. Pack is a CLI command that can run in the same system the developers are using to actually go through creating a Dockerfile.
> Well, no. When people say "containers", they always mean "Docker".
Not really/necessarily. https://github.com/opencontainers/runtime-spec
Project mention: Show HN: dockerc – Docker image to static executable "compiler" | news.ycombinator.com | 2024-03-06
Yep pretty much.
The executables bundle crun (a container runtime)[0], and a fuse implementation of squashfs and overlayfs. Appended to that is a squashfs of the image.
At runtime the squashfs and overlayfs are mounted and the container is started.
[0]: https://github.com/containers/crun
OCI related posts
- Understanding Buildpacks in Cloud Native Buildpacks
- ARM vs x86 in Docker
- The transitory nature of MLOps: Advocating for DevOps/MLOps coalescence
- Exploring 5 Docker Alternatives: Containerization Choices for 2024
- Distribute Artifacts Across OCI Registries
- The Road To Kubernetes: How Older Technologies Add Up
- Several container breakouts due to internally leaked fds
Index
What are some of the best open-source OCI projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | podman | 21,645 |
2 | containerd | 16,292 |
3 | gvisor | 15,066 |
4 | jib | 13,377 |
5 | runc | 11,407 |
6 | clair | 10,030 |
7 | distribution | 8,379 |
8 | buildkit | 7,669 |
9 | grype | 7,649 |
10 | buildah | 6,986 |
11 | docker-images | 6,381 |
12 | youki | 5,778 |
13 | syft | 5,451 |
14 | cri-o | 5,013 |
15 | kata-containers | 4,877 |
16 | pouch | 4,612 |
17 | dockerfile | 4,006 |
18 | komiser | 3,844 |
19 | image-spec | 3,247 |
20 | cloudsploit | 3,172 |
21 | runtime-spec | 3,087 |
22 | crun | 2,777 |
23 | Cloud-Free-Tier-Comparison | 2,394 |