Displaying 1 to 5 from 5 results

clair - Vulnerability Static Analysis for Containers

  •    Go

Note: The master branch may be in an unstable or even broken state during development. Please use releases instead of the master branch in order to get stable binaries.Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including appc and docker).

umoci - umoci modifies Open Container images

  •    Go

umoci modifies Open Container images. Not a great name, but what are you going to do. It also is a cool way for people to "dip their toe" into OCI images ("umoci" also means "to dip" in Serbian). umoci intends to be a complete manipulation tool for OCI images. In particular, it should be seen as a more end-user-focused version of the oci-image-tools provided by the OCI. The hope is that all of this tooling will eventually be merged with the upstream repository, so that it is always kept up-to-date by the Open Container Initiative community.

orca-build - Build OCI images from Dockerfiles.

  •    Python

This was a SUSE Hackweek project and is mainly intended to be a simple tool for users that might want to create images as a rootless user, or to play around with a simple PoC of how various OCI technologies can interact with each other. The usage is kinda like docker build. You provide it a build context that contains a Dockerfile and orca-build does the rest. I plan to add support for some more of the docker build flags in the near future, but at the moment it works pretty well.

ctnr - rootless runc-based container engine

  •    Go

ctnr is a CLI built on top of runc to manage and build OCI images as well as containers on Linux. ctnr aims to ease system container creation and execution as unprivileged user. Also ctnr is a tool to experiment with runc features. Container networking is limited. With plain ctnr/runc only the host network can be used. The standard CNI plugins require root privileges. One workaround is to map ports on the host network using PRoot* accepting bad performance. A better solution is to use slirp4netns which emulates the TCP/IP stack in a user namespace efficiently. It can be used with ctnr via the slirp-cni-plugin. Once container initialization is also moved into a user namespace with slirp the standard CNI plugins can be used again. For instance the bridge can be used to achieve communication between containers (see user-mode networking).

filegrain - transport-agnostic, fine-grained content-addressable container image layout

  •    Go

FILEgrain is a (long-term) proposal to extend OCI Image Format to support CAS in the granularity of file, in a transport-agnostic way. Your feedback is welcome.