Skip to content

Open Component Model (Software Bill of Delivery Toolset)

License

Notifications You must be signed in to change notification settings

mandelsoft/ocm

 
 

Repository files navigation

Open Component Model

OpenSSF Best Practices REUSE status

The Open Component Model provides a standard for describing delivery artifacts that can be accessed from many types of component repositories.

OCM Specifications

OCM defines a set of semantic, formatting, and other types of specifications that can be found in the ocm-spec repository. Start learning about the core concepts of OCM elements here.

OCM Library

This project provides a Go library containing an API for interacting with the Open Component Model (OCM) elements and mechanisms.

The library currently supports the following repository mappings:

  • OCI: Use the repository prefix path of an OCI repository to implement an OCM repository.
  • CTF (Common Transport Format): Use a file-based binding to represent any set of component versions as filesystem content (directory, tar, tgz).
  • Component Archive: Compose the content of a component version on the filesystem.

Additionally, OCM provides a generic solution for how to:

  • Sign component versions in any supported OCM repository implementation.
  • Verify signatures based on public keys or verified certificates.
  • Transport component versions, per reference or as values to any of the repository implementations.

OCM CLI

The ocm CLI may also be used to interact with OCM mechanisms. It makes it easy to create component versions and embed them in build processes.

The ocm CLI documentation can be found here.

The code for the CLI can be found in package cmds/ocm.

The OCI and OCM support can be found in packages pkg/contexts/oci and pkg/contexts/ocm.

Examples

An example of how to use the ocm CLI in a Makefile can be found in examples/make.

More comprehensive examples can be taken from the components contained in this repository. Here a complete component build including a multi-arch image is done and finally packaged into a CTF archive which can be tranported into an OCI repository. See the readme files for details.

Contributing

Code contributions, feature requests, bug reports, and help requests are very welcome. Please refer to the Contributing Guide in the Community repository for more information on how to contribute to OCM.

OCM follows the CNCF Code of Conduct.

Licensing

Copyright 2022 SAP SE or an SAP affiliate company and Open Component Model contributors. Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.

About

Open Component Model (Software Bill of Delivery Toolset)

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 98.8%
  • Other 1.2%