IT Brief Australia - Technology news for CIOs & IT decision-makers

Cloudsmith achieves full compliance with OCI v1.1 standard

Fri, 22nd Nov 2024

Cloudsmith has announced its full compliance with and support of the Open Container Initiative (OCI) v1.1 standard, expanding its capabilities in managing container images and associated artifacts.

This development enables organisations to manage comprehensive relationships across their entire software supply chain. The implementation goes beyond traditional container registry solutions, facilitating explicit relationships between container images and artifacts such as Software Bills of Materials (SBOMs), signatures, attestations, and vulnerability reports.

The platform's new features allow for the distribution of cloud-native OCI-based artifacts including Helm Charts, Kubernetes manifest files, WebAssembly (WASM) modules, and Open Policy Agent (OPA) bundles. Furthermore, teams can store and track machine learning (ML) model data, feature store data, and related metadata within the same registry as their container images.

Cloudsmith's OCI v1.1 compliance is seamlessly integrated into its existing universal artifact management platform. This integration provides a centralised control plane for policy management across various assets, supporting more than 30 package formats. It ensures consistent policy enforcement, comprehensive audit trails, and unified security scanning across containers and associated artifacts.

Cloudsmith's approach addresses the future-proofing of container management by delivering web-scale performance on its fully managed platform and ensuring compatibility with evolving container and artifact technologies.

According to Lee Skillen, Chief Technology Officer at Cloudsmith, "Our OCI v1.1 conformance enables teams to establish explicit connections between container images and crucial artifacts like SBOMs, signatures, attestations, and even ML-based data and metadata. It also supports OCI-based package formats, such as Helm Charts, WASM modules, OPA bundles, etc. This capability, combined with our unified policy management and support for over 30 distinct ecosystems, makes Cloudsmith the most comprehensive cloud-native platform for modern software supply chain management."

The OCI, formed in 2015 by Docker and other organisations, is a project under the Linux Foundation aimed at setting open standards for container formats and runtimes to foster interoperability across the container ecosystem. This effort allows developers the flexibility to choose their tools without being restricted to a predetermined set.

Cloudsmith's current support for OCI v1.1 is available in early access for its customers, providing a stable and secure environment for managing complex software assets and their interconnections efficiently.

Cloudsmith is a provider of cloud-native artifact management, used by global enterprises across industries to secure and optimise their software supply chains. The platform supports over 30 package formats, integrates with CI/CD pipelines, and offers complete control and visibility over software assets. The company states it is committed to securing today's supply chains and building an adaptive, resilient infrastructure for the future.
