Werf is a container image builder, Kubernetes continuous delivery tool, and deployment orchestrator. It creates container images using Dockerfiles or assembly syntax and manages the automated rollout of applications to Kubernetes clusters by translating package definitions into resource manifests. The system differentiates itself through a multi-architecture build pipeline that integrates system emulators to produce images for different CPU architectures on a single host. It employs content-based tagging and layer caching to avoid uploading redundant image layers to remote registries. Beyond
Syft is a software bill of materials generator, container image scanner, and software dependency catalog. It analyzes container images and filesystems to produce comprehensive inventories of installed packages and dependencies in standard formats. Additionally, it serves as a software attestation tool and an SBOM format converter. The project distinguishes itself through the ability to create cryptographically signed attestations for software inventories to ensure provenance and integrity. It also provides the capability to transform software bills of materials between different industry sche
Ko is a daemonless container image builder and OCI image generator specifically for Go applications. It compiles Go source code into binaries and packages them directly into container images, pushing them to registries without requiring a local container runtime or daemon. The tool specializes in multi-platform image distribution, producing images for various CPU architectures and operating systems from a single execution. It distinguishes itself by automating the entire pipeline from Go import paths to Kubernetes deployment or serverless function packaging for architectures like AWS Lambda.
This project is a Docker educational resource and a collection of practical examples designed for learning containerization technologies. It serves as a guide for understanding container fundamentals, including the creation and management of custom images and the use of registries. The repository provides specialized references for container security hardening, such as managing kernel privileges and implementing supply chain security. It also includes tutorials for multi-container orchestration and a DevOps guide focused on CI/CD automation and image optimization. The material covers a broad