Get non-trivial tests (and trivial, too!) suggested right inside your IDE, so you can code smart, create more value, and stay confident when you push. Learn more →
Top 23 OCI Open-Source Projects
-
Project mention: Best virtualization solution with Ubuntu 22.04 | reddit.com/r/linuxquestions | 2023-05-28
-
Project mention: The advantage of WASM compared with container runtimes | news.ycombinator.com | 2023-05-28
Right now most early examples alas boot a container with a wasm runtime for each wasm instance, which is a sad waste. The whole advantage of wasm should be very lightweight low overhead wasm runtime instances atop a common wasm process. Having a process or container for each instance loses a ton of the benefit, makes it not much better than a regular container.
Thankfully there is work like the Containerd Sandbox API which enables new architectures like this. https://github.com/containerd/containerd/issues/4131
It's still being used to spawn a wasm processes per instance for now, but container runtime project Kuasar is already using the Sandbox API to save significant resources, and has already chimed in in comments on HN to express a desire to have shared-process/multi-wasm-instamxe runtimes, which could indeed allow sub ms spawning that could enable instance per request architectures. https://github.com/kuasar-io/kuasar
-
SonarQube
Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
-
There's two major production-ready Go-based operating system(-ish) projects:
- Google's gVisor[1] (a re-implementation of a significant subset of the Linux syscall ABI for isolation, also mentioned in the article)
- USBArmory's Tamago[2] (a single-threaded bare-metal Go runtime for SOCs)
Both of these are security-focused with a clear trade off: sacrifice some performance for memory safe and excellent readability (and auditability). I feel like that's the sweet spot for low-level Go - projects that need memory safety but would rather trade some performance for simplicity.
-
JIB
-
Project mention: Best virtualization solution with Ubuntu 22.04 | reddit.com/r/linuxquestions | 2023-05-28
runc
-
Project mention: Open source container scanning tool to find vulnerabilities and suggest best practice improvements? | reddit.com/r/selfhosted | 2023-04-15
https://github.com/quay/clair 9.4k stars, updated 17 hours ago
-
To transfer the image between your local machine and the server, you'll need a registry such as Docker Hub or GitHub Container Registry. (Technically you can compress images and distribute them as files but it's more of a headache than it's worth) There are plenty of registries that will allow you to host private images if that's a concern for you, but it will be harder to find a free/cheap solution. You can also host your own registry using the Distribution Project. But be warned that while hosting a basic registry is really easy, locking it down can be a pain because of the lack of well maintained and easy to use projects.
-
InfluxDB
Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.
-
Project mention: Is it possible to copy files from a manifest in Dockerfile? | reddit.com/r/docker | 2023-05-11
I do some search in the internet and there seems to be no good solution, so I just create a feature request: https://github.com/moby/buildkit/issues/3859
-
I appreciate that podman can run daemonless, but I've gotten tired of waiting for them to implement heredoc support and have continued to use docker.
-
docker-images
Official source of container configurations, images, and examples for Oracle products and projects
We run Oracle DB in Docker at work, works very well. You can build a docker image using this repository https://github.com/oracle/docker-images/tree/main/OracleDatabase
-
Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22
Grype is another popular open source tool from Anchore. Working with SBOM files, Grype scans container images and filesystems for vulnerabilities. Grype supports different output formats for vulnerabilities and custom templates for output.
-
Somebody at Oracle was at one point writing an implementation of the oci-runtime in rust https://github.com/oracle/railcar/, an active successor of that project appears to be https://github.com/containers/youki
-
-
With CRI-O I believe you can configure registry mirror locations…. Similar to this: https://github.com/cri-o/cri-o/issues/4941
-
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.
-
-
Project mention: Firecracker internals: deep dive inside the technology powering AWS Lambda(2021) | news.ycombinator.com | 2023-02-27
Not a drop-in replacement: the OCI image entry point is not automatically executed. https://github.com/weaveworks/ignite/issues/874 (issue opened in 2021).
-
kata-containers
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
As I understand,Kata Containers
-
Otras iniciativas empezaron a surgir debido a la alta popularidad de los containers y debido a esto, en 2015 se crea OCI(Open Container Initiative) para definir un estandar para containers(runtimes e imagenes).
-
-
Project mention: Open source alternative cloud security tool that works like Wiz/Lacework/Aqua | reddit.com/r/cybersecurity | 2023-03-06
I also heard about CloudSploit by Aqua, but never actually used it yet. You might want to take a look. CloudSploit
-
Project mention: Best virtualization solution with Ubuntu 22.04 | reddit.com/r/linuxquestions | 2023-05-28
crun
-
firecracker-containerd
firecracker-containerd enables containerd to manage containers as Firecracker microVMs
My team is working on multi-cloud AWS Bottlerocket remix (Azure, GCP) with opt-in support for [firecracker-containerd](https://github.com/firecracker-microvm/firecracker-containerd) for our in-house CNCF distro, investigating microkernels applicability (tldr; they are not production-ready). We test kubernetes compat and migration plans for over 40+ cherry-picked solutions, and facing numerous compat issues for every k8s update. We do have support for Container Managed Control Planes described above, as well.
-
ONLYOFFICE
ONLYOFFICE Docs — document collaboration in your environment. Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises
OCI related posts
- The advantage of WASM compared with container runtimes
- Best virtualization solution with Ubuntu 22.04
- Tool to build Docker images
- Is docker dying?
- Can't pull private registry images
- Help with etcd cluster: "Error: unhealthy cluster"
- OS in Go? Why Not
-
A note from our sponsor - CodiumAI
codium.ai | 29 May 2023
Index
What are some of the best open-source OCI projects? This list will help you:
Project | Stars | |
---|---|---|
1 | podman | 17,984 |
2 | containerd | 14,031 |
3 | gvisor | 13,833 |
4 | jib | 12,782 |
5 | runc | 10,374 |
6 | clair | 9,534 |
7 | distribution | 7,559 |
8 | buildkit | 6,741 |
9 | buildah | 6,280 |
10 | docker-images | 6,038 |
11 | grype | 5,778 |
12 | youki | 4,710 |
13 | pouch | 4,590 |
14 | cri-o | 4,572 |
15 | syft | 4,157 |
16 | dockerfile | 3,950 |
17 | ignite | 3,390 |
18 | kata-containers | 3,358 |
19 | runtime-spec | 2,816 |
20 | image-spec | 2,799 |
21 | cloudsploit | 2,599 |
22 | crun | 2,205 |
23 | firecracker-containerd | 1,839 |