Explore open-source tools and platforms for building, managing, and orchestrating container-based applications across distributed environments.
Moby is an OCI container engine and runtime manager designed for building, running, and managing isolated containers based on Open Container Initiative standards. It functions as a container daemon and image builder, providing a core engine to orchestrate the full lifecycle of containers and the packaging of source code into portable images. The project provides a standardized HTTP interface that allows for programmatic container management, enabling external clients to control daemon settings and container operations. It supports a rootless security model, allowing the engine daemon to execu
Moby is an OCI-compliant container engine and runtime manager that handles image building, container lifecycle, networking, volumes, and multi-platform builds—exactly the containerization platform you need.
Bocker is a minimal container management tool written in Bash that implements core container functionality using Linux namespaces and control groups. It serves as a Linux container manager capable of starting and managing isolated processes and images through low-level kernel features. The project includes an OCI image tool for pulling, saving, and building container images compatible with industry standards. It further integrates a cgroup resource controller to restrict CPU and memory consumption for isolated processes. The tool covers the full container lifecycle, including process isolati
Bocker is a minimal Linux container manager that uses namespaces and cgroups for process isolation and manages OCI-compliant images, fitting as a lightweight container runtime for those wanting a low-level, script-based engine.
Containerd is a daemon-based container runtime that manages the complete lifecycle of containers on a host system. It functions as a core orchestration backend, handling image distribution, storage, and process execution while adhering to industry-standard specifications for container execution and configuration. The project is distinguished by its modular, plugin-based architecture, which allows for the extension of storage, runtime, and networking capabilities without requiring a full daemon recompile. It utilizes a shim-based execution model to delegate low-level operations, ensuring isola
Containerd is an OCI-compliant container runtime that handles image management, storage, and process execution, making it a solid fit for the container-runtime category, though it lacks built-in Dockerfile support and multi-platform build tooling, so it's a narrower tool than a full container engine.
Libpod is a container management library for running and controlling the lifecycle of Open Container Initiative compliant containers and images across different storage backends. It provides a programmatic interface for the remote control and automation of container environments. The project enables the coordination of multiple containers into pods that share network namespaces and other shared resources. It supports rootless container execution by using user namespaces to launch containers without administrative privileges. The library covers a broad range of system operations, including im
Libpod is the core library behind Podman, providing OCI-compliant container and image lifecycle management, networking, storage volumes, and rootless isolation — it is squarely a container engine, though as a library it focuses on the programmatic runtime rather than a full end-user CLI with built-in Dockerfile building.
Podman is a container engine designed for managing containerized applications and images without the need for a persistent background daemon. By utilizing a fork-exec process model, it executes container management commands as direct child processes of the host system, ensuring that container lifecycles are handled through standard host-level process control. The project distinguishes itself through a focus on rootless security and cross-platform compatibility. It employs user namespace mapping to allow unprivileged users to manage isolated workloads without requiring administrative system ac
Podman is a daemonless, OCI-compliant container engine that handles image management, networking, volumes, Dockerfile builds, and multi-platform builds, making it a complete and robust solution for containerizing applications.
Kata Containers is an OCI container runtime that launches containers inside lightweight virtual machines to combine hardware-level isolation with container operational speed. It functions as a hardware-isolated container engine and lightweight VM hypervisor, providing a virtual machine monitor interface that abstracts multiple hypervisors to optimize for performance or specific hardware emulation. The project distinguishes itself through a confidential computing runtime that leverages hardware-backed trusted execution environments, such as Intel TDX and AMD SEV-SNP, to protect data in use. It
Kata Containers is an OCI-compliant container runtime that runs containers inside lightweight VMs for hardware-level isolation, covering the core capabilities of container isolation, networking, storage volumes, and OCI image management — directly fitting a search for a container engine or runtime.
CRI-O is an open-source container runtime that implements the Kubernetes Container Runtime Interface (CRI) to manage container images, pods, and containers on cluster nodes using OCI-compatible runtimes. It serves as a node-level container manager that handles image pulling, container lifecycle, and resource monitoring for Kubernetes clusters, running containers according to the Open Container Initiative specifications. The runtime distinguishes itself through live configuration reloading that applies changes to runtime definitions, registry mirrors, and TLS certificates without restarting th
CRI-O is a Kubernetes-focused container runtime that manages OCI-compliant container images, pods, and lifecycle on cluster nodes, fitting the search for a container runtime, but it does not handle image building or multi-platform builds like a full container engine.
This project is an OCI-compatible container runtime that executes workloads within lightweight virtual machines. By leveraging hardware-based virtualization, it provides strong security isolation between containerized processes and the host operating system, serving as a drop-in replacement for traditional container execution environments. The runtime distinguishes itself through a hypervisor-agnostic architecture that abstracts underlying virtualization operations, allowing for consistent container lifecycle management across different backends. It integrates directly with standard container
Kata Containers is an OCI-compliant container runtime that uses lightweight VMs for strong isolation, making it a solid choice for running containers, though it does not include image management or Dockerfile support directly.
runc is a command-line utility for spawning and running containers on Linux systems according to the Open Container Initiative specification. It serves as a low-level container execution engine that interfaces directly with the host operating system to manage the lifecycle of isolated processes. The tool functions as a Linux process containerizer, utilizing kernel features such as namespaces for process isolation and control groups for resource governance. It enforces security by restricting processes to specific directory trees and dropping unnecessary kernel privileges to minimize the attac
runc is the core OCI-compliant container runtime that handles container isolation and lifecycle, but it does not include image management, networking, storage volumes, or Dockerfile support—those are typically provided by higher-level tools built on top of it.