# Container and image tooling > Search results for `Container and image tooling` on awesome-repositories.com. 111 total matches; showing the first 50. Explore on the web: https://awesome-repositories.com/q/container-and-image-tooling **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/container-and-image-tooling).** ## Results - [containers/libpod](https://awesome-repositories.com/repository/containers-libpod.md) (32,040 ⭐) — Libpod is a container management library for running and controlling the lifecycle of Open Container Initiative compliant containers and images across different storage backends. It provides a programmatic interface for the remote control and automation of container environments. The project enables the coordination of multiple containers into pods that share network namespaces and other shared resources. It supports rootless container execution by using user namespaces to launch containers without administrative privileges. The library covers a broad range of system operations, including im - [googlecontainertools/distroless](https://awesome-repositories.com/repository/googlecontainertools-distroless.md) (22,254 ⭐) — Distroless provides a collection of security-hardened, minimal base container images designed to reduce attack surfaces by excluding non-essential system utilities, package managers, and shells. These images are constructed to contain only an application and its specific runtime dependencies, enforcing the principle of least privilege by configuring environments for non-root execution. The project distinguishes itself through a focus on supply chain integrity and reproducible builds. It utilizes declarative build configurations to track package versions and validates container image integrity - [google/osv-scanner](https://awesome-repositories.com/repository/google-osv-scanner.md) (10,565 ⭐) — osv-scanner is a software composition analysis tool and vulnerability scanner that checks project dependencies and container images against the Open Source Vulnerabilities database. It functions as a dependency remediation tool and can be integrated into custom Go applications as a programmable security library. The project distinguishes itself through a remediation workflow that includes an interactive terminal user interface and automated scripting for upgrading vulnerable packages in lockfiles and manifests. It employs call-graph reachability analysis to determine if vulnerable code is act - [containers/skopeo](https://awesome-repositories.com/repository/containers-skopeo.md) (10,982 ⭐) — Skopeo is an OCI container image manager and registry client designed for inspecting, copying, and signing container images across different registries and storage backends. It enables the manipulation of container images using direct API calls to registries, operating independently of a local container daemon or runtime. The tool provides specialized capabilities for container image mirroring and synchronization, specifically supporting the mirroring of external repositories to internal registries for air-gapped environments. It also functions as a container image signing tool, allowing for - [collabnix/dockerlabs](https://awesome-repositories.com/repository/collabnix-dockerlabs.md) (8,008 ⭐) — dockerlabs is a collection of educational labs and technical tutorials designed to teach the fundamentals of containerization and microservice architecture. It provides instructional material and hands-on exercises covering image optimization, security training, infrastructure setup, and cluster orchestration. The project features specific courses and guides focused on reducing image size through multi-stage builds, securing workloads via vulnerability scanning and encrypted networks, and deploying multi-node clusters with high availability using Swarm orchestration. The materials cover a br - [containers/buildah](https://awesome-repositories.com/repository/containers-buildah.md) (8,618 ⭐) — Buildah is a tool for creating OCI-compliant container images without requiring a background daemon process. It functions as a daemonless image constructor and distribution tool, allowing users to build, push, and pull images between local storage and remote registries. The project distinguishes itself by supporting unprivileged image building through the use of user namespaces and rootless mode. It enables direct modification of container root filesystems by mounting them to the host, allowing images to be treated as directories that can be manipulated via standard shell commands or scripts. - [containers/ramalama](https://awesome-repositories.com/repository/containers-ramalama.md) (2,605 ⭐) — Ramalama is a containerized runtime and management tool for large language models. It functions as an OCI AI model manager and registry client, allowing users to package, distribute, and execute AI models as standardized container images. The project differentiates itself by using OCI-compliant distribution for models and retrieval augmented generation assets, enabling the packaging of vector databases into immutable container images. It features hardware-aware image selection that automatically detects GPU or CPU capabilities to pull the most optimized image for the host environment. The sy - [apple/container](https://awesome-repositories.com/repository/apple-container.md) (37,726 ⭐) — This project serves as a technical educational resource and software implementation example focused on dependency injection architecture and containerized application packaging. It provides a centralized framework for managing the lifecycle and configuration of application components, allowing objects to receive their dependencies from a registry rather than creating them internally. The project distinguishes itself by offering a type-safe service resolution mechanism that uses language-level information to map abstract interfaces to concrete implementations. By utilizing an inversion of cont - [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai - [opencontainers/container-images](https://awesome-repositories.com/repository/opencontainers-container-images.md) (16 ⭐) — A collection of container images used in CI across various opencontainers projects - [bonsaistudio/django-image-tools](https://awesome-repositories.com/repository/bonsaistudio-django-image-tools.md) (44 ⭐) — Django Image Tools - [wagoodman/dive](https://awesome-repositories.com/repository/wagoodman-dive.md) (54,242 ⭐) — Dive is a command-line tool designed for the analysis and optimization of container images. It functions as a layered storage inspector, allowing users to decompose image manifests to examine individual filesystem layers and identify opportunities to reduce total image size. The tool features a filesystem diffing engine that calculates net changes between sequential layers to highlight redundant data and storage inefficiencies. Users interact with this data through a terminal-based dashboard that provides keyboard-driven navigation of complex file structures and layer metadata. By abstracting - [flutter-team-archive/plugins](https://awesome-repositories.com/repository/flutter-team-archive-plugins.md) (17,710 ⭐) — This project is a collection of official plugin packages and a native integration library designed to provide a consistent interface for accessing hardware and software functionality across different mobile and desktop platforms. It serves as a native platform bridge, enabling cross-platform applications to invoke native code and manage operating system dependencies. The project utilizes a federated plugin architecture, splitting plugins into common interfaces and separate platform implementations to allow for independent development and extension. It further supports native integration throu - [quay/clair](https://awesome-repositories.com/repository/quay-clair.md) (11,012 ⭐) — Clair is a container image vulnerability scanner and security analyzer. It performs static analysis of container images by matching package contents against vulnerability databases to identify security risks across different package formats and architectures. The project functions as both an image indexer and a vulnerability database manager. It processes container layers into intermediate representations to enable fast security lookups and synchronizes security metadata from multiple external sources to maintain a local registry. Capability areas include continuous security monitoring, whic - [anchore/grype](https://awesome-repositories.com/repository/anchore-grype.md) (12,423 ⭐) — Grype is a command-line security scanner designed to identify known vulnerabilities within container images, filesystems, and software manifests. It functions as a software composition analysis tool that detects security flaws in application components and open-source libraries to support supply chain security. The tool distinguishes itself by reconstructing the final state of container images through layered filesystem inspection and normalizing diverse package formats into a unified dependency graph. It maintains a local cache of security advisories synchronized from multiple upstream sourc - [devcontainers/cli](https://awesome-repositories.com/repository/devcontainers-cli.md) (2,482 ⭐) — This is a command line tool for building and managing isolated development environments based on the Development Container Specification. It functions as an OCI container image builder and a provisioner for instantiating standardized containers within automated continuous integration workflows. The tool includes a system for injecting pre-configured software and toolsets into containers using a registry of reusable installation modules. This allows for the creation of shareable features and the installation of specific languages, CLI tools, and software dependencies. It covers the automation - [docker-slim/docker-slim](https://awesome-repositories.com/repository/docker-slim-docker-slim.md) (23,311 ⭐) — This project is a suite of specialized tools for linting, minifying, analyzing, and managing container images and their associated registries. It provides a set of utilities including an image minifier to reduce image size, a security profiler to harden running containers, an image analyzer for static inspection, and a registry manager for organizing multi-architecture indices. The toolset distinguishes itself through behavior-based optimization and security. It uses dynamic analysis to track executed instructions and file access to remove unused binary data, and records kernel interactions t - [agno-agi/agno](https://awesome-repositories.com/repository/agno-agi-agno.md) (40,717 ⭐) — Agno is an agent operating system designed to manage the lifecycle, tool execution, and persistent state of autonomous agents across distributed infrastructure. It provides a unified runtime environment that wraps diverse agent frameworks into a consistent, interoperable protocol, allowing developers to build and deploy complex multi-agent systems that coordinate tasks and delegate sub-processes. The platform distinguishes itself through a robust governance and orchestration layer that includes human-in-the-loop approval gates, role-based access control, and a centralized API gateway. It feat - [awslabs/llrt](https://awesome-repositories.com/repository/awslabs-llrt.md) (8,752 ⭐) — llrt is a low-latency JavaScript runtime based on the QuickJS engine, specifically designed for executing asynchronous functions in serverless environments. It provides a lightweight execution layer optimized for fast startup times and minimal memory usage when running ES2023 workloads. The project differentiates itself by bundling natively optimized cloud service SDKs directly into the runtime binary to eliminate external dependency loading. To further reduce cold start latency, it implements parallel connection warming for TLS and network handshakes during the startup phase. The runtime co - [kata-containers/kata-containers](https://awesome-repositories.com/repository/kata-containers-kata-containers.md) (8,106 ⭐) — Kata Containers is an OCI container runtime that launches containers inside lightweight virtual machines to combine hardware-level isolation with container operational speed. It functions as a hardware-isolated container engine and lightweight VM hypervisor, providing a virtual machine monitor interface that abstracts multiple hypervisors to optimize for performance or specific hardware emulation. The project distinguishes itself through a confidential computing runtime that leverages hardware-backed trusted execution environments, such as Intel TDX and AMD SEV-SNP, to protect data in use. It - [anchore/syft](https://awesome-repositories.com/repository/anchore-syft.md) (8,399 ⭐) — Syft is a software bill of materials generator, container image scanner, and software dependency catalog. It analyzes container images and filesystems to produce comprehensive inventories of installed packages and dependencies in standard formats. Additionally, it serves as a software attestation tool and an SBOM format converter. The project distinguishes itself through the ability to create cryptographically signed attestations for software inventories to ensure provenance and integrity. It also provides the capability to transform software bills of materials between different industry sche - [containers/podman](https://awesome-repositories.com/repository/containers-podman.md) (32,035 ⭐) — Podman is a container engine designed for managing containerized applications and images without the need for a persistent background daemon. By utilizing a fork-exec process model, it executes container management commands as direct child processes of the host system, ensuring that container lifecycles are handled through standard host-level process control. The project distinguishes itself through a focus on rootless security and cross-platform compatibility. It employs user namespace mapping to allow unprivileged users to manage isolated workloads without requiring administrative system ac - [coreos/clair](https://awesome-repositories.com/repository/coreos-clair.md) (11,011 ⭐) — Clair is a container vulnerability scanner that performs static analysis of container images to identify known security vulnerabilities. It functions as an analyzer for OCI and Docker images, indexing their contents to detect security risks and outdated packages without requiring the containers to be running. The tool identifies vulnerabilities by matching indexed container components against security databases to find common vulnerabilities and exposures. This process involves analyzing filesystem layers to track the provenance and versioning of packages across the image hierarchy. The proj - [containers/toolbox](https://awesome-repositories.com/repository/containers-toolbox.md) (3,250 ⭐) — Toolbox is a development workspace orchestrator and container environment manager that bootstraps mutable toolsets and SDKs inside containers. It functions as a Linux distribution sandbox and a host-integrated container runtime, allowing users to run native package managers and software without modifying the host operating system. The project differentiates itself by bridging isolated containers with the host system through the mapping of user identities, network sockets, and home directories. It utilizes a daemonless engine to provide these environments while ensuring that system configurati - [dani-garcia/vaultwarden](https://awesome-repositories.com/repository/dani-garcia-vaultwarden.md) (62,749 ⭐) — Vaultwarden is a self-hosted password management server designed to store and synchronize sensitive credentials, identities, and organizational data across multiple client devices. It functions as a database-backed web application that provides an API layer for secure client-server communication, enabling users to manage personal vaults and organizational data sharing with multi-factor authentication. The project distinguishes itself through a comprehensive administrative infrastructure that provides centralized control over server configuration, user accounts, and system diagnostics via a de - [virajmavani/semi-auto-image-annotation-tool](https://awesome-repositories.com/repository/virajmavani-semi-auto-image-annotation-tool.md) (592 ⭐) — Anno-Mage: A Semi Automatic Image Annotation Tool which helps you in annotating images by suggesting you annotations using user-defined labels - [anthropics/claude-code](https://awesome-repositories.com/repository/anthropics-claude-code.md) (132,728 ⭐) — Anthropic's terminal-native AI coding agent. - [hadolint/hadolint](https://awesome-repositories.com/repository/hadolint-hadolint.md) (12,225 ⭐) — Hadolint is a static analysis tool designed to validate container build configurations. It functions as a security scanner and configuration auditor, parsing build instructions into a structured format to identify deviations from security and efficiency standards. The tool distinguishes itself by performing deep inspection of embedded shell commands. By tokenizing and analyzing these scripts, it detects common scripting errors and security vulnerabilities that might otherwise persist within a container image. It integrates external analysis tools to provide specialized validation for these in - [openscap/container-compliance](https://awesome-repositories.com/repository/openscap-container-compliance.md) (242 ⭐) — Resources and tools to assert compliance of containers (rocket, docker, ...). - [fyne-io/fyne](https://awesome-repositories.com/repository/fyne-io-fyne.md) (27,941 ⭐) — Fyne is a cross-platform graphical user interface toolkit for the Go programming language. It provides a comprehensive framework for building native applications that run on desktop, mobile, and web environments from a single codebase. The toolkit centers on a canvas-based rendering engine and a device-independent layout engine, ensuring that visual elements maintain consistent dimensions and behavior across diverse operating systems and screen densities. The project distinguishes itself through a reactive data-binding system that automatically synchronizes application state with interface co - [slimtoolkit/slim](https://awesome-repositories.com/repository/slimtoolkit-slim.md) (22,977 ⭐) — Slim is a comprehensive suite for container lifecycle management, providing tools for image inspection, optimization, security hardening, and service troubleshooting. It functions as a platform for analyzing containerized applications through both static metadata review and dynamic behavioral probing, enabling users to understand image composition and runtime dependencies. The project distinguishes itself by automating the creation of minimal, production-ready container images. It achieves this by removing unnecessary files and components, flattening image layers, and synthesizing restrictive - [containers/podman-desktop](https://awesome-repositories.com/repository/containers-podman-desktop.md) (7,725 ⭐) — Podman Desktop is a graphical user interface for managing container images, pods, and volumes across multiple container engines and Kubernetes clusters. It serves as a container engine orchestrator for installing, configuring, and updating engines, as well as a deployment dashboard for connecting to Kubernetes environments and switching cluster contexts. The application is an extensible developer tool that utilizes a plugin system to allow users to add new features and orchestration capabilities through third-party modules. The tool provides a resource dashboard for local container managemen - [theporgs/exegol](https://awesome-repositories.com/repository/theporgs-exegol.md) (2,925 ⭐) — Exegol is an offensive security platform and containerized tooling orchestrator designed to deploy and manage isolated security operations environments. It functions as a workspace manager that provisions pre-configured security images and toolkits within Docker containers to protect host systems from malicious payloads. The platform distinguishes itself by integrating AI security workflow orchestration, allowing AI assistants to discover and trigger security tools through a standardized communication protocol. It further provides remote desktop gateway capabilities, enabling GUI access via X - [thephpleague/container](https://awesome-repositories.com/repository/thephpleague-container.md) (867 ⭐) — Small but powerful dependency injection container - [containers/krunvm](https://awesome-repositories.com/repository/containers-krunvm.md) (1,684 ⭐) — Create microVMs from OCI images - [containerd/containerd](https://awesome-repositories.com/repository/containerd-containerd.md) (20,369 ⭐) — Containerd is a daemon-based container runtime that manages the complete lifecycle of containers on a host system. It functions as a core orchestration backend, handling image distribution, storage, and process execution while adhering to industry-standard specifications for container execution and configuration. The project is distinguished by its modular, plugin-based architecture, which allows for the extension of storage, runtime, and networking capabilities without requiring a full daemon recompile. It utilizes a shim-based execution model to delegate low-level operations, ensuring isola - [crewaiinc/crewai](https://awesome-repositories.com/repository/crewaiinc-crewai.md) (53,687 ⭐) — CrewAI is a multi-agent orchestration framework designed for building autonomous systems that execute complex, multi-step workflows. It provides a development platform where specialized agents are defined with specific roles, goals, and tool sets to perform tasks collaboratively. By leveraging a declarative workflow engine, the system manages task dependencies, state transitions, and execution logic, allowing for the creation of structured, stateful sequences of operations. The framework distinguishes itself through its hierarchical management capabilities, which utilize manager agents to coo - [gaopengcuhk/container](https://awesome-repositories.com/repository/gaopengcuhk-container.md) (46 ⭐) — Official Code Release for Container : Context Aggregation Network - [bluesky-social/social-app](https://awesome-repositories.com/repository/bluesky-social-social-app.md) (18,063 ⭐) — This project provides a comprehensive implementation of the AT Protocol, serving as a framework for building decentralized social networking applications. It enables the creation of distributed data repositories where users maintain cryptographic ownership of their identity and content, allowing for portable accounts that can be migrated between independent servers without central authority intervention. The platform distinguishes itself by decoupling content hosting from discovery through modular algorithmic curation. Users can select third-party services to filter and organize their feeds, - [f5/unovis](https://awesome-repositories.com/repository/f5-unovis.md) (2,730 ⭐) — Unovis is a modular SVG and Canvas data visualization library used to build interactive charts, maps, and network graphs. It provides a framework-agnostic set of primitives for creating data dashboards and specialized visualizations. The library is distinguished by its dedicated toolkits for different visualization domains, including an XY charting library for coordinated plots, a network graph framework for relational data, and a geospatial visualization toolkit for TopoJSON-based mapping. Its capability surface covers a wide range of data representations, including linear, area, and bar ch - [imager-io/imager](https://awesome-repositories.com/repository/imager-io-imager.md) (730 ⭐) — Automated image compression for efficiently distributing images on the web. - [termux/proot-distro](https://awesome-repositories.com/repository/termux-proot-distro.md) (2,839 ⭐) — proot-distro is a rootless container runtime and Linux distribution manager that allows users to install and run isolated guest environments without requiring administrative root privileges. It utilizes PRoot to simulate root access and filesystem redirection, enabling the deployment of full Linux distributions in a non-root space. The project functions as an OCI container image handler, capable of building, pulling, and pushing OCI-compatible images and manifests. It further serves as a cross-architecture execution layer, utilizing user-mode emulation to run binaries and containers built for - [scikit-image/scikit-image](https://awesome-repositories.com/repository/scikit-image-scikit-image.md) (6,529 ⭐) — scikit-image is a Python image processing library and scientific image analysis toolkit. It provides a framework for digital image processing and computer vision, utilizing numerical arrays for pixel-level manipulations. The library enables the quantification of image properties and the detection of visual features, such as edges and blobs. It includes tools for image segmentation and the extraction of textures and patterns to characterize objects within visual data. Capabilities cover image manipulation through color space conversion, geometric transformations, and digital restoration. It a - [chainguard-images/images](https://awesome-repositories.com/repository/chainguard-images-images.md) (676 ⭐) — Public Chainguard Images - [rstacruz/cheatsheets](https://awesome-repositories.com/repository/rstacruz-cheatsheets.md) (14,429 ⭐) — This project is a comprehensive collection of web development reference guides and technical cheat sheets. It provides a curated set of markdown-based documentation designed to help developers quickly locate syntax patterns and API examples for common web technologies and programming languages. The repository serves as a specialized reference library covering several distinct technical domains. It includes extensive guides for CSS, focusing on selectors, Flexbox, Grid, and responsive layout properties, as well as a DevOps command reference for Docker, Kubernetes, AWS, Ansible, and general she - [avelino/awesome-go](https://awesome-repositories.com/repository/avelino-awesome-go.md) (175,576 ⭐) — This project serves as a comprehensive language ecosystem index, functioning as a centralized, community-curated directory for the Go programming language. It organizes a vast landscape of software components, libraries, and development tools into a structured, navigable hierarchy, enabling developers to efficiently discover resources tailored to specific functional domains. The repository distinguishes itself through a decentralized contribution model, where community-driven updates ensure the index remains current with the rapidly evolving software landscape. Beyond simple resource listing, - [aschhoff/esp32-433mhz-receiver-and-tools](https://awesome-repositories.com/repository/aschhoff-esp32-433mhz-receiver-and-tools.md) (11 ⭐) — ESP32 433Mhz Receiver written in micropython and Tools for Windows - [golang/go](https://awesome-repositories.com/repository/golang-go.md) (134,756 ⭐) — Go is a statically typed, compiled programming language designed for building scalable, concurrent software. It provides a memory-safe execution environment that combines a high-performance runtime with a self-hosting compiler toolchain, enabling the creation of statically linked machine code binaries without external dependencies. The language is built around a structural type system that uses interfaces for polymorphism and a concurrency model based on lightweight, stack-based coroutines that communicate through channels. The language distinguishes itself through a runtime that features a c - [renovatebot/renovate](https://awesome-repositories.com/repository/renovatebot-renovate.md) (21,796 ⭐) — Renovate is a GitOps-driven dependency management engine designed to automate the maintenance of software projects. It functions as an automated update tool that scans repository files to identify outdated dependencies, fetches the latest compatible versions from external sources, and generates pull requests to apply those updates. By integrating directly with code hosting platforms, it synchronizes project dependencies through declarative configuration files, ensuring that software components remain current and secure. The project distinguishes itself through its platform-agnostic architectu - [golobby/container](https://awesome-repositories.com/repository/golobby-container.md) (613 ⭐) — A lightweight yet powerful IoC dependency injection container for the Go programming language