Exploring the Evolution of Registries for OCI Artifacts Storage and Distribution: A Deep Dive into Container Secure Supply Chain Initiatives


The article discusses the evolution of registries to enable users to store, pull, distribute, and view OCI artifacts, not just container images. The need for this has been driven by Containers Secure Supply Chain initiatives. The article also explores how to efficiently build reference relationships by associating container images with their supply chain artifacts in the OCI registry.

Revolutionizing Container Supply Chains with ORAS

As the tech world evolves, registries are adapting to allow users to store, pull, distribute, and view OCI artifacts, not just container images. This is largely driven by the Containers Secure Supply Chain initiatives.

What’s New?

These initiatives have necessitated the distribution of supply chain artifacts such as signatures, vulnerability reports, signed Software Bills of Materials (SBOMs), and attestations alongside container images in the registry. This is done without altering the existing content.

Building Efficient Reference Relationships

One question that arises is how to efficiently build the reference relationship by associating container images with their supply chain artifacts in the OCI registry. Another is the right posture for distributing container images together with their supply chain artifacts across registries and file systems.
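One way such a reference relationship can be expressed, as an added example that is not from the article or the ORAS project: each supply chain artifact is stored as its own manifest whose `subject` field (OCI image spec 1.1) points at the image digest, so the image manifest is never rewritten. The in-memory `store`, the helper names and the `application/vnd.example.*` artifact types are assumptions constructed for the illustration.

```python
import hashlib
import json

MANIFEST = "application/vnd.oci.image.manifest.v1+json"
INDEX = "application/vnd.oci.image.index.v1+json"
EMPTY = "application/vnd.oci.empty.v1+json"

def descriptor(media_type, blob):
    """Content-addressed pointer to a blob: media type, size, sha256 digest."""
    return {"mediaType": media_type, "size": len(blob),
            "digest": "sha256:" + hashlib.sha256(blob).hexdigest()}

def push(store, media_type, obj):
    """Serialize obj (bytes or JSON), store it under its digest, return its descriptor."""
    blob = obj if isinstance(obj, bytes) else json.dumps(obj, sort_keys=True).encode()
    desc = descriptor(media_type, blob)
    store[desc["digest"]] = blob
    return desc

def attach(store, subject, artifact_type, payload):
    """Store payload behind a new manifest whose `subject` is the image descriptor."""
    manifest = {"schemaVersion": 2, "mediaType": MANIFEST,
                "artifactType": artifact_type,
                "config": push(store, EMPTY, b"{}"),
                "layers": [push(store, artifact_type, payload)],
                "subject": subject}
    return push(store, MANIFEST, manifest)

def referrers(store, digest):
    """Emulate a referrers lookup: an index of manifests whose subject is `digest`."""
    found = []
    for blob in store.values():
        try:
            doc = json.loads(blob)
        except ValueError:
            continue  # opaque payload (e.g. a signature), not a manifest
        if isinstance(doc, dict) and doc.get("subject", {}).get("digest") == digest:
            found.append({**descriptor(MANIFEST, blob), "artifactType": doc["artifactType"]})
    return {"schemaVersion": 2, "mediaType": INDEX, "manifests": found}

def demo():
    store = {}  # constructed in-memory stand-in for one registry repository
    image = push(store, MANIFEST, {"schemaVersion": 2, "mediaType": MANIFEST,
                                   "config": push(store, EMPTY, b"{}"), "layers": []})
    before = store[image["digest"]]
    attach(store, image, "application/vnd.example.sbom", b'{"packages": []}')
    attach(store, image, "application/vnd.example.signature", b"constructed-sig")
    return image, referrers(store, image["digest"]), store[image["digest"]] == before
```

Because the link lives only in the artifact's manifest, a consumer that verifies the image by digest before and after attachment sees the same bytes, and anything copying the image elsewhere has to copy the referring manifests too or the relationship is lost.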

Introducing ORAS

ORAS, a client that is designed to address these issues, is the new kid on the block. It promises to revolutionize how we handle container supply chains.

“Nowadays, more and more registries are evolving to enable users to store, pull, distribute, and view OCI artifacts, not only container images.”
“Containers Secure Supply Chain initiatives also drove the need for distributing supply chain artifacts like signatures, vulnerability reports, and signed Software Bill of Materials (SBOM), and attestations alongside container images in the registry, without mutating the existing content.”

Stay tuned for more updates on how ORAS is enriching container supply chains.

  • Registries are evolving to enable users to store, pull, distribute, and view OCI artifacts.
  • Containers Secure Supply Chain initiatives are driving the need for this evolution.
  • There is a need to efficiently build reference relationships by associating container images with supply chain artifacts in the OCI registry.
  • The article explores the right posture for distributing container images with their supply chain artifacts across registries and file systems.
  • ORAS is a client discussed in the article.
  • From the Azure Developer Community Blog