Top 23 Go OCI Projects
-
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
-
komiser
Open-source cloud-environment inspector. Supporting AWS, GCP, Azure, and more! Your cloud resources will have nowhere to hide!
-
firecracker-containerd
firecracker-containerd enables containerd to manage containers as Firecracker microVMs
-
zot
zot - A production-ready vendor-neutral OCI-native container image/artifact registry (purely based on OCI Distribution Specification)
Project mention: Root your Docker host in 10 seconds for fun and profit | news.ycombinator.com | 2024-05-28
Project mention: My VM is lighter (and safer) than your container | news.ycombinator.com | 2024-05-14
I can speak to this. Containers, and by extension k8s, break a well known security boundary that has existed for a very long time - whether you are using a real (hardware) server or a virtual machine on the cloud if you pop that instance/server generally speaking you only have access to that server. Yeh, you might find a db config with connection details if you landed on say a web app host but in general you still have to work to start popping the next N servers.
That's not the case when you are running in k8s and the last container breakout was just announced ~1 month ago: https://github.com/opencontainers/runc/security/advisories/G... .
At the end of the day it is simply not a security boundary. It can solve other problems but not security ones.
Project mention: I looked through attacks in my access logs. Here's what I found | news.ycombinator.com | 2024-01-28
Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.
https://github.com/quay/clair
https://github.com/anchore/grype/
Project mention: A vulnerability scanner for container images and filesystems | news.ycombinator.com | 2024-05-24
The currently proposed solution is to allow Docker to bind the cache directory in the build to a directory on the host. This way the cache could be persisted externally. However, this issue has been opened for almost 4 years (May 27, 2020) with no clear answer as to whether it'll be implemented any time soon.
I wish we would rather get rid of Dockerfile in favor of something like buildah does:
https://github.com/containers/buildah/blob/main/examples/lig...
Since Dockerfile is a rather limited and (IMHO) poorly executed re-implementation of a shell script, why not rather use shell directly? Not even bash with coreutils is necessary: even posix sh with busybox can do far more than Dockerfile, and you can use something else (like Python) and take it very far indeed.
Kubernetes on the backend used to utilize docker for much of its container runtime solutions. One of the modular features of Kubernetes is the ability to utilize a Container Runtime Interface or CRI. The problem was that Docker didn't really meet the spec properly and they had to maintain a shim to translate properly. Instead users could utilize the popular containerd or cri-o runtimes. These follow the Open Container Initiative or OCI's guidelines on container formats.
Project mention: Komiser – Your cloud resources will have nowhere to hide | news.ycombinator.com | 2023-10-17
A buildpack is software designed to transform application source code into executable (OCI) images that can run on a variety of cloud platforms. At its core, a buildpack is a directory that includes a specific file named buildpack.toml. This file contains metadata and configuration details that dictate how the buildpack should behave. Buildpacks, in simple terms, are a set of standards defining how the different steps that are required to build a compliant container image can be automated. Using those standards, there are projects that have been built around enabling that using a CLI or an API. The most common way of doing that is through the Cloud Native Buildpacks' Pack project. Pack is a CLI command that can run in the same system the developers are using to actually go through creating a Dockerfile.
> Well, no. When people say "containers", they always mean "Docker".
Not really/necessarily. https://github.com/opencontainers/runtime-spec
Project mention: My VM is lighter (and safer) than your container | news.ycombinator.com | 2024-05-14
apko allows us to build OCI container images from .apk packages.
Internally, Google used a platform called Borg which is still used by Google to this day. It also served as the basis for Kubernetes. Borg is a container-based platform whose goal was to allow developers to focus on code, not infrastructure. Google has an entire infrastructure team to manage the datacenters. This system came out circa 2004. This predates the advent of modern OCI Containers by about a decade.
Go OCI related posts
-
Understanding Buildpacks in Cloud Native Buildpacks
-
ARM vs x86 in Docker
-
The transitory nature of MLOps: Advocating for DevOps/MLOps coalescence
-
Exploring 5 Docker Alternatives: Containerization Choices for 2024
-
Distribute Artifacts Across OCI Registries
-
The Road To Kubernetes: How Older Technologies Add Up
-
Several container breakouts due to internally leaked fds
Index
What are some of the best open-source OCI projects in Go? This list will help you:
# | Project | Stars |
---|---|---|
1 | podman | 22,019 |
2 | containerd | 16,478 |
3 | gvisor | 15,169 |
4 | runc | 11,504 |
5 | clair | 10,084 |
6 | distribution | 8,484 |
7 | grype | 7,970 |
8 | buildkit | 7,740 |
9 | buildah | 7,065 |
10 | syft | 5,566 |
11 | cri-o | 5,044 |
12 | pouch | 4,616 |
13 | komiser | 3,867 |
14 | image-spec | 3,303 |
15 | runtime-spec | 3,105 |
16 | firecracker-containerd | 2,065 |
17 | oras | 1,290 |
18 | zarf | 1,233 |
19 | apko | 1,090 |
20 | spegel | 869 |
21 | runq | 795 |
22 | distribution-spec | 761 |
23 | zot | 764 |