For current OCI Artifact guidance, please see:
- image-spec: artifacts guidance documentation
- distribution-spec: referrers API
OCI Artifacts started in 2019 with PRs to the Image and the Distribution specs. In September of 2019, the TOB voted to create the New OCI Artifacts Project, generalizing the deployed container registry infrastructure to serve ecosystems of new artifacts. Artifact Authors no longer needed to create, nor host new package managers. By leveraging existing public and private registries, artifact authors benefit from the reliability, performance and security benefits users already manage.
In 2020, early supply chain security initiatives were evolving, requiring the addition of reference information to existing artifacts (#29), including signatures, Software Bill of Materials (SBOM), and new developing types.
We're happy to see the journey completed with the Image and Distribution specs formalizing the addition of OCI Artifacts and Reference Types. With the Image 1.1, and Distribution 1.1 releases, the effort has come full circle, making it time to archive the OCI Artifacts project.
The previous OCI Artifacts content is available in the pre-archive branch
This project incorporates (by reference) the OCI Code of Conduct
This project incorporated the Governance and Releases processes from the OCI project template: https://github.com/opencontainers/project-template.
