Catalog of multi-architecture OCI images for popular free and/or open-source Large Language Models, built and published weekly.
Images are built weekly based on the latest version of Ollama and the specific models. They are published with three tags: latest, Git commit sha, and timestamp.
ghcr.io/thomasvitale/ollama-ayaghcr.io/thomasvitale/ollama-gemma2ghcr.io/thomasvitale/ollama-llama3-2ghcr.io/thomasvitale/ollama-llavaghcr.io/thomasvitale/ollama-mistralghcr.io/thomasvitale/ollama-moondreamghcr.io/thomasvitale/ollama-nomic-embed-textghcr.io/thomasvitale/ollama-phi3-5ghcr.io/thomasvitale/ollama-qwen2-5
The following images are still available, but they will not receive further updates.
ghcr.io/thomasvitale/ollama-bakllavaghcr.io/thomasvitale/ollama-llama2ghcr.io/thomasvitale/ollama-llama3ghcr.io/thomasvitale/ollama-llama3-1ghcr.io/thomasvitale/ollama-llava-phi3ghcr.io/thomasvitale/ollama-mistral-nemoghcr.io/thomasvitale/ollama-mxbai-embed-largeghcr.io/thomasvitale/ollama-orca-minighcr.io/thomasvitale/ollama-phighcr.io/thomasvitale/ollama-phi3
All OCI images published in this project are signed with Sigstore.
Using the cosign CLI, you can display the supply chain security related artifacts for each image. Use the specific digest you'd like to verify.
cosign tree ghcr.io/thomasvitale/ollama-mistralThe result:
📦 Supply Chain Security Related artifacts for an image: ghcr.io/thomasvitale/ollama-mistral
└── 💾 Attestations for an image tag: ghcr.io/thomasvitale/ollama-mistral:sha256-38e80d235799aaa8d1bd98733c8b24ae0afb43620391205bb990d4513ee9e751.att
└── 🍒 sha256:89e502711643e116436fc73ba50345e414f73e90cde7c6d0cc29a4b81a7ffce4
└── 🔐 Signatures for an image tag: ghcr.io/thomasvitale/ollama-mistral:sha256-38e80d235799aaa8d1bd98733c8b24ae0afb43620391205bb990d4513ee9e751.sig
└── 🍒 sha256:951e0e299a6585ae117ca31f4df7edb20907391df228d52d624cb552a95c71d4You can verify the signature and its claims:
cosign verify \
--certificate-identity-regexp https://github.com/ThomasVitale \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
ghcr.io/thomasvitale/ollama-mistral | jqYou can also verify the SLSA attestation as follows:
cosign verify-attestation --type slsaprovenance \
--certificate-identity-regexp https://github.com/slsa-framework \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
ghcr.io/thomasvitale/ollama-mistral | jq .payload -r | base64 --decode | jqThese images are used for running LLMs in development and testing using Testcontainers or Docker Compose. You can find examples of usage in Spring AI and LangChain4j.
The security process for reporting vulnerabilities is described in SECURITY.md.
This project is licensed under the Apache License 2.0. See LICENSE for more information. Ollama is licensed under the MIT License. Each model is licensed individually. You can find more information in the Ollama model library.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}