Open-source projects categorized as OCI

The Open Container Initiative (OCI) is an open governance structure for the express purpose of creating open industry standards around container formats and runtimes. Established in June 2015 by Docker and other leaders in the container industry, the OCI currently contains two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec). The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk.

Top 23 OCI Open-Source Projects

  • podman

    Podman: A tool for managing OCI containers and pods.

    Project mention: Best virtualization solution with Ubuntu 22.04 | reddit.com/r/linuxquestions | 2023-05-28
  • containerd

    An open and reliable container runtime

    Project mention: The advantage of WASM compared with container runtimes | news.ycombinator.com | 2023-05-28

    Right now most early examples alas boot a container with a wasm runtime for each wasm instance, which is a sad waste. The whole advantage of wasm should be very lightweight low overhead wasm runtime instances atop a common wasm process. Having a process or container for each instance loses a ton of the benefit, makes it not much better than a regular container.

    Thankfully there is work like the Containerd Sandbox API which enables new architectures like this. https://github.com/containerd/containerd/issues/4131

    It's still being used to spawn a wasm processes per instance for now, but container runtime project Kuasar is already using the Sandbox API to save significant resources, and has already chimed in in comments on HN to express a desire to have shared-process/multi-wasm-instamxe runtimes, which could indeed allow sub ms spawning that could enable instance per request architectures. https://github.com/kuasar-io/kuasar

  • SonarQube

    Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

  • gvisor

    Application Kernel for Containers

    Project mention: OS in Go? Why Not | news.ycombinator.com | 2023-05-21

    There's two major production-ready Go-based operating system(-ish) projects:

    - Google's gVisor[1] (a re-implementation of a significant subset of the Linux syscall ABI for isolation, also mentioned in the article)

    - USBArmory's Tamago[2] (a single-threaded bare-metal Go runtime for SOCs)

    Both of these are security-focused with a clear trade off: sacrifice some performance for memory safe and excellent readability (and auditability). I feel like that's the sweet spot for low-level Go - projects that need memory safety but would rather trade some performance for simplicity.

    [1]: https://github.com/google/gvisor

    [2]: https://github.com/usbarmory/tamago

  • jib

    🏗 Build container images for your Java applications.

    Project mention: Tool to build Docker images | reddit.com/r/devops | 2023-05-26


  • runc

    CLI tool for spawning and running containers according to the OCI specification

    Project mention: Best virtualization solution with Ubuntu 22.04 | reddit.com/r/linuxquestions | 2023-05-28


  • clair

    Vulnerability Static Analysis for Containers

    Project mention: Open source container scanning tool to find vulnerabilities and suggest best practice improvements? | reddit.com/r/selfhosted | 2023-04-15

    https://github.com/quay/clair 9.4k stars, updated 17 hours ago

  • distribution

    The toolkit to pack, ship, store, and deliver container content

    Project mention: How Do I Actually Use Docker? | reddit.com/r/selfhosted | 2023-04-15

    To transfer the image between your local machine and the server, you'll need a registry such as Docker Hub or GitHub Container Registry. (Technically you can compress images and distribute them as files but it's more of a headache than it's worth) There are plenty of registries that will allow you to host private images if that's a concern for you, but it will be harder to find a free/cheap solution. You can also host your own registry using the Distribution Project. But be warned that while hosting a basic registry is really easy, locking it down can be a pain because of the lack of well maintained and easy to use projects.

  • InfluxDB

    Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.

  • buildkit

    concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit

    Project mention: Is it possible to copy files from a manifest in Dockerfile? | reddit.com/r/docker | 2023-05-11

    I do some search in the internet and there seems to be no good solution, so I just create a feature request: https://github.com/moby/buildkit/issues/3859

  • buildah

    A tool that facilitates building OCI images.

    Project mention: Podman Desktop for Java Development | reddit.com/r/java | 2023-05-08

    I appreciate that podman can run daemonless, but I've gotten tired of waiting for them to implement heredoc support and have continued to use docker.

  • docker-images

    Official source of container configurations, images, and examples for Oracle products and projects

    Project mention: Oracle DB on Arch? Possible? | reddit.com/r/archlinux | 2023-04-26

    We run Oracle DB in Docker at work, works very well. You can build a docker image using this repository https://github.com/oracle/docker-images/tree/main/OracleDatabase

  • grype

    A vulnerability scanner for container images and filesystems

    Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22

    Grype is another popular open source tool from Anchore. Working with SBOM files, Grype scans container images and filesystems for vulnerabilities. Grype supports different output formats for vulnerabilities and custom templates for output.

  • youki

    A container runtime written in Rust

    Project mention: Discord and the JVM | reddit.com/r/java | 2023-03-07

    Somebody at Oracle was at one point writing an implementation of the oci-runtime in rust https://github.com/oracle/railcar/, an active successor of that project appears to be https://github.com/containers/youki

  • pouch

    An Efficient Enterprise-class Container Engine

  • cri-o

    Open Container Initiative-based implementation of Kubernetes Container Runtime Interface

    Project mention: How are they doing it? | reddit.com/r/kubernetes | 2023-05-02

    With CRI-O I believe you can configure registry mirror locations…. Similar to this: https://github.com/cri-o/cri-o/issues/4941

  • syft

    CLI tool and library for generating a Software Bill of Materials from container images and filesystems

    Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22

    Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.

  • dockerfile

    Dockerfile best-practices for writing production-worthy Docker images.

  • ignite

    Ignite a Firecracker microVM (by weaveworks)

    Project mention: Firecracker internals: deep dive inside the technology powering AWS Lambda(2021) | news.ycombinator.com | 2023-02-27

    Not a drop-in replacement: the OCI image entry point is not automatically executed. https://github.com/weaveworks/ignite/issues/874 (issue opened in 2021).

  • kata-containers

    Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/

    Project mention: Kata Containers vs gVisor? | reddit.com/r/codehunter | 2022-07-14

    As I understand,Kata Containers

  • runtime-spec

    OCI Runtime Specification

    Project mention: Containers - entre historia y runtimes | dev.to | 2023-04-26

    Otras iniciativas empezaron a surgir debido a la alta popularidad de los containers y debido a esto, en 2015 se crea OCI(Open Container Initiative) para definir un estandar para containers(runtimes e imagenes).

  • image-spec

    OCI Image Format

    Project mention: Containers - entre historia y runtimes | dev.to | 2023-04-26
  • cloudsploit

    Cloud Security Posture Management (CSPM)

    Project mention: Open source alternative cloud security tool that works like Wiz/Lacework/Aqua | reddit.com/r/cybersecurity | 2023-03-06

    I also heard about CloudSploit by Aqua, but never actually used it yet. You might want to take a look. CloudSploit

  • crun

    A fast and lightweight fully featured OCI runtime and C library for running containers

    Project mention: Best virtualization solution with Ubuntu 22.04 | reddit.com/r/linuxquestions | 2023-05-28


  • firecracker-containerd

    firecracker-containerd enables containerd to manage containers as Firecracker microVMs

    Project mention: Savings cost for self managed K8s? | reddit.com/r/kubernetes | 2023-05-03

    My team is working on multi-cloud AWS Bottlerocket remix (Azure, GCP) with opt-in support for [firecracker-containerd](https://github.com/firecracker-microvm/firecracker-containerd) for our in-house CNCF distro, investigating microkernels applicability (tldr; they are not production-ready). We test kubernetes compat and migration plans for over 40+ cherry-picked solutions, and facing numerous compat issues for every k8s update. We do have support for Container Managed Control Planes described above, as well.


    ONLYOFFICE Docs — document collaboration in your environment. Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-05-28.

OCI related posts


What are some of the best open-source OCI projects? This list will help you:

Project Stars
1 podman 17,984
2 containerd 14,031
3 gvisor 13,833
4 jib 12,782
5 runc 10,374
6 clair 9,534
7 distribution 7,559
8 buildkit 6,741
9 buildah 6,280
10 docker-images 6,038
11 grype 5,778
12 youki 4,710
13 pouch 4,590
14 cri-o 4,572
15 syft 4,157
16 dockerfile 3,950
17 ignite 3,390
18 kata-containers 3,358
19 runtime-spec 2,816
20 image-spec 2,799
21 cloudsploit 2,599
22 crun 2,205
23 firecracker-containerd 1,839
TestGPT | Generating meaningful tests for busy devs
Get non-trivial tests (and trivial, too!) suggested right inside your IDE, so you can code smart, create more value, and stay confident when you push.