Top 23 Go OCI Projects

• podman

  361 22,019 10.0 Go

  Podman: A tool for managing OCI containers and pods.

  

Project mention: Root your Docker host in 10 seconds for fun and profit | news.ycombinator.com | 2024-05-28

• containerd

  126 16,478 9.9 Go

  An open and reliable container runtime

  

Project mention: Estrutura de projetos Go | dev.to | 2024-05-17

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• gvisor

  65 15,169 9.9 Go

  Application Kernel for Containers

  

Project mention: My VM is lighter (and safer) than your container | news.ycombinator.com | 2024-05-14

• runc

  32 11,504 9.3 Go

  CLI tool for spawning and running containers according to the OCI specification

  

Project mention: Nanos – A Unikernel | news.ycombinator.com | 2024-03-13

I can speak to this. Containers, and by extension k8s, break a well known security boundary that has existed for a very long time - whether you are using a real (hardware) server or a virtual machine on the cloud if you pop that instance/server generally speaking you only have access to that server. Yeh, you might find a db config with connection details if you landed on say a web app host but in general you still have to work to start popping the next N servers.

That's not the case when you are running in k8s and the last container breakout was just announced ~1 month ago: https://github.com/opencontainers/runc/security/advisories/G... .

At the end of the day it is simply not a security boundary. It can solve other problems but not security ones.

• clair

  21 10,084 9.2 Go

  Vulnerability Static Analysis for Containers

  

Project mention: I looked through attacks in my access logs. Here's what I found | news.ycombinator.com | 2024-01-28

Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.

https://github.com/quay/clair

https://github.com/anchore/grype/

• distribution

  15 8,484 9.4 Go

  The toolkit to pack, ship, store, and deliver container content

  

• grype

  57 7,970 9.5 Go

  A vulnerability scanner for container images and filesystems

  

Project mention: A vulnerability scanner for container images and filesystems | news.ycombinator.com | 2024-05-24

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

• buildkit

  54 7,740 9.8 Go

  concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit

  

Project mention: Caching PNPM Modules in Docker Builds in GitHub Actions | dev.to | 2024-05-06

The currently proposed solution is to allow Docker to bind the cache directory in the build to a directory on the host. This way the cache could be persisted externally. However, this issue has been opened for almost 4 years (May 27, 2020) with no clear answer as to whether it'll be implemented any time soon.

• buildah

  26 7,065 9.6 Go

  A tool that facilitates building OCI images.

  

Project mention: Using ARG in a Dockerfile – beware the gotcha | news.ycombinator.com | 2024-05-14

I wish we would rather get rid of Dockerfile in favor of something like buildah does:

https://github.com/containers/buildah/blob/main/examples/lig...

Since Dockerfile is a rather limited and (IMHO) poorly executed re-implementation of a shell script, why not rather use shell directly? Not even bash with coreutils is necessary: even posix sh with busybox can do far more than Dockerfile, and you can use something else (like Python) and take it very far indeed.

• syft

  32 5,566 9.8 Go

  CLI tool and library for generating a Software Bill of Materials from container images and filesystems

  

• cri-o

  33 5,044 9.8 Go

  Open Container Initiative-based implementation of Kubernetes Container Runtime Interface

  

Project mention: The Road To Kubernetes: How Older Technologies Add Up | dev.to | 2024-02-05

Kubernetes on the backend used to utilize docker for much of its container runtime solutions. One of the modular features of Kubernetes is the ability to utilize a Container Runtime Interface or CRI. The problem was that Docker didn't really meet the spec properly and they had to maintain a shim to translate properly. Instead users could utilize the popular containerd or cri-o runtimes. These follow the Open Container Initiative or OCI's guidelines on container formats.

• pouch

  1 4,616 1.6 Go

  An Efficient Enterprise-class Container Engine

  

• komiser

  11 3,867 9.7 Go

  Open-source cloud-environment inspector. Supporting AWS, GCP, Azure, and more! Your cloud resources will have nowhere to hide!

  

Project mention: Komiser – Your cloud resources will have nowhere to hide | news.ycombinator.com | 2023-10-17

• image-spec

  25 3,303 7.1 Go

  OCI Image Format

  

Project mention: Understanding Buildpacks in Cloud Native Buildpacks | dev.to | 2024-04-22

A buildpack is a software, designed to transform application source code into executable (OCI) images that can run on a variety of cloud platforms. At its core, a buildpack is a directory that includes a specific file named buildpack.toml. This file contains metadata and configuration details that dictate how the buildpack should behave. Buildpacks in simple terms, is a set of standards defining how the different steps that are required to build a compliant container image can be automated. Using those standards, there are projects that have been built round enabling that using an CLI or an API. The most common way of doing that is through the Cloud Native Buildpacks' Pack project. Pack is a CLI command that can run in the same system the developers are using to actually go through creating a Dockerfile.

• runtime-spec

  11 3,105 5.9 Go

  OCI Runtime Specification

  

Project mention: The What, Why and How of Containers | news.ycombinator.com | 2024-03-27

> Well, no. When people say "containers", they always mean "Docker".

Not really/necessarily. https://github.com/opencontainers/runtime-spec

• firecracker-containerd

  11 2,065 4.3 Go

  firecracker-containerd enables containerd to manage containers as Firecracker microVMs

  

Project mention: My VM is lighter (and safer) than your container | news.ycombinator.com | 2024-05-14

• oras

  8 1,290 9.3 Go

  OCI registry client - managing content like artifacts, images, packages

  

Project mention: Distribute Artifacts Across OCI Registries | news.ycombinator.com | 2024-03-13

• zarf

  6 1,233 9.6 Go

  DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/

  

Project mention: Zarf: K8s in Airgapped Environments | news.ycombinator.com | 2024-01-11

• apko

  14 1,090 9.4 Go

  Build OCI images from APK packages directly without Dockerfile

  

Project mention: Distroless images using melange and apko | dev.to | 2023-12-22

apko allows us to build OCI container images from .apk packages.

• spegel

  8 869 9.4 Go

  Stateless cluster local OCI registry mirror.

  

Project mention: BTFS (BitTorrent Filesystem) | news.ycombinator.com | 2024-04-15

• runq

  2 795 5.4 Go

  run regular Docker images in KVM/Qemu

  

• distribution-spec

  55 761 7.5 Go

  OCI Distribution Specification

  

Project mention: A Brief History Of Serverless | dev.to | 2024-05-13

Internally, Google used a platform called Borg which is still used by Google to this day. It also served as the basis for Kubernetes. Borg is a container-based platform whose goal was to allow developers to focus on code, not infrastructure. Google has an entire infrastructure team to manage the datacenters. This system came out circa 2004. This predates the advent of modern OCI Containers by about a decade.

• zot

  1 764 9.4 Go

  zot - A production-ready vendor-neutral OCI-native container image/artifact registry (purely based on OCI Distribution Specification)

  

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Go OCI related posts

• Understanding Buildpacks in Cloud Native Buildpacks

  1 project | dev.to | 22 Apr 2024

• ARM vs x86 em Docker

  1 project | dev.to | 5 Apr 2024

• The transitory nature of MLOps: Advocating for DevOps/MLOps coalescence

  2 projects | dev.to | 25 Mar 2024

• Exploring 5 Docker Alternatives: Containerization Choices for 2024

  3 projects | dev.to | 18 Mar 2024

• Distribute Artifacts Across OCI Registries

  1 project | news.ycombinator.com | 13 Mar 2024

• The Road To Kubernetes: How Older Technologies Add Up

  5 projects | dev.to | 5 Feb 2024

• Several container breakouts due to internally leaked fds

  1 project | news.ycombinator.com | 1 Feb 2024
• A note from our sponsor - InfluxDB
  www.influxdata.com | 1 Jun 2024

  Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Go projects with our weekly report!