Looking for the original OCM project, from before we started on the next generation of OCM? Check out the previous repository.
The Open Component Model (OCM) is an open standard to describe software bills of delivery (SBOD). OCM is a technology-agnostic and machine-readable format focused on the software artifacts that must be delivered for software products.
Check out the main OCM project web page to find out what OCM offers you for implementing a secure software supply chain. It is your central entry point to all kinds of OCM-related docs and guides, the OCM specification and all project GitHub repositories. It also offers a Getting Started guide to quickly get your hands dirty with OCM, its toolset and concepts 😃
OCM describes delivery artifacts that can be accessed from many types of component repositories. It defines a set of semantic, formatting, and other types of specifications that can be found in the ocm-spec repository. Start learning about the core concepts of OCM elements here.
Work In Progress: This OCM Library is a completely new take on interacting and working with OCM. As such, expect heavy changes, especially in the Library API. We are working on a stable API and will release it as soon as possible. Until then, please use the library at your own risk and reference the previous implementation here.
This project provides a Go library containing an API for interacting with the Open Component Model (OCM) elements and mechanisms.
The library currently supports the following repository mappings:
- OCI: Use the repository prefix path of an OCI repository to implement an OCM repository.
- CTF (Common Transport Format): Use a file-based binding to represent any set of component versions as filesystem content (directory, tar, tgz).
Additionally, OCM provides a generic solution for how to:
- Sign component versions in any supported OCM repository implementation.
- Verify signatures based on public keys or verified certificates.
- Transport component versions, by reference or as values, to any of the repository implementations.
Work In Progress: This OCM CLI is a completely new take on interacting and working with OCM. As such, expect heavy changes, especially in the commands available. We are working on a stable API and will release it as soon as possible. Until then, please use the library at your own risk and reference the previous implementation here.
The ocm CLI may also be used to interact with OCM mechanisms. It makes it easy to create component versions and embed them in build processes.
The code for the CLI can be found in cli.
We supply language bindings for:
- Go. These bindings are also used by the OCM CLI and are our primary focus.
We are open to discussing and implementing bindings for other languages. If you are interested in a specific language, please open an issue or contact us directly. Contributions are always welcome!
Code contributions, feature requests, bug reports, and help requests are very welcome. Please refer to the Contributing Guide in the Community repository for more information on how to contribute to OCM.
OCM follows the CNCF Code of Conduct.
Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.