The OCI Referrers API is part of this specification and will be discussed in this post. The OCI Distribution Specification defines the APIs that registries should implement to enable the distribution of artifacts.I will mainly discuss the OCI Artifract Manifest in this post. If you are interested in reading more about the OCI image layout, I recommend the No More Additional Network Requests – Enter: OCI Image Layout post from It will give you a good background on how the image is structured. The OCI Image Format Specification defines the structure and the layout of an image or artifact.OCI develops and maintains three essential specifications: The Open Container Initiative (OCI) is the governance organization responsible for creating open industry standards for container formats and runtimes. In the second part, I will look at more advanced scenarios like deep hierarchies, deleting artifacts, and migrating content between registries with different support. In the first part, I will examine the differences between OCI 1.0 and OCI 1.1 and their support across registries.
MYSAFE CYBERSECURITY SOFTWARE
If not, but you are interested in the containers’ secure supply chain topic, this post will give you enough details to start exploring new registry capabilities that can significantly improve your software supply chain architecture. If you are deep into containers and software supply chain security, you may have heard of OCI referrers API and OCI artifacts. Instead of Part 2, folks may find the Registry & client support for Image Manifest type artifacts issue relevant to what they are looking for. There will be no other updates to this post or Part 2 of the series. Consider the relevance of the information applicable only between Jan 5th 2023 and Jan 24th 2023 – the date the above PR was submitted. The concepts are still relevant but their actual implementation may not be as described in this post.
Most of the functionality described below is removed from many registries and the steps and the information may be incorrect. Although I promised to have a Part 2, due to the changes in the spec, continuing the investigation in the original direction may not be fruitful and helpful to anyone. Unfortunately, the OCI 1.1 Image Spec PR 999 put a hold on that and as of today, the spec is not released. This release was supposed to happen by end of Jan 2023 or mid Feb 2023. When I wrote this post, the expectation was that OCI will release version 1.1 of the specification with artifact manifest included.
0 kommentar(er)
