惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Privacy & Cybersecurity Law Blog
V
V2EX
月光博客
月光博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
The Register - Security
The Register - Security
MongoDB | Blog
MongoDB | Blog
P
Privacy International News Feed
The Last Watchdog
The Last Watchdog
Security Archives - TechRepublic
Security Archives - TechRepublic
美团技术团队
Stack Overflow Blog
Stack Overflow Blog
博客园 - 司徒正美
博客园 - 三生石上(FineUI控件)
V
Visual Studio Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
K
Kaspersky official blog
S
Secure Thoughts
T
Tenable Blog
Security Latest
Security Latest
The Cloudflare Blog
S
Security @ Cisco Blogs
H
Heimdal Security Blog
aimingoo的专栏
aimingoo的专栏
TaoSecurity Blog
TaoSecurity Blog
Blog — PlanetScale
Blog — PlanetScale
Microsoft Security Blog
Microsoft Security Blog
Schneier on Security
Schneier on Security
Webroot Blog
Webroot Blog
G
Google Developers Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Scott Helme
Scott Helme
IT之家
IT之家
Latest news
Latest news
The Hacker News
The Hacker News
C
Check Point Blog
T
The Exploit Database - CXSecurity.com
H
Hackread – Cybersecurity News, Data Breaches, AI and More
腾讯CDC
C
CERT Recently Published Vulnerability Notes
NISL@THU
NISL@THU
N
News | PayPal Newsroom
Forbes - Security
Forbes - Security
P
Palo Alto Networks Blog
S
Security Affairs
S
Securelist
Google Online Security Blog
Google Online Security Blog
WordPress大学
WordPress大学
Last Week in AI
Last Week in AI
C
Cybersecurity and Infrastructure Security Agency CISA
A
About on SuperTechFans

OCI Registry As Storage Blog

🚀 Announcing ORAS v1.3.0 - Elevate your artifact and registry management workflows Announcing ORAS v1.2.0 - OCI Spec v1.1.0 support, formatted output, and more! Lightweight Registry with Oras OCI-Layouts and Object Storage in The Cloud ORAS Welcomes New Owners, Maintainers, and Thanks Emeritus Owners ORAS 0.15 - A Fully Functional OCI Registry Client Bundle, test and deploy Gatekeeper policies as OCI image ORAS - Looking back on 2022 and forward to 2023 ORAS 0.14 and Future - Empower Container Secure Supply Chain ORAS Artifacts Draft Specification Release – Adding Secure Supply Chain Artifacts References
🚀 Announcing ORAS v1.3.0-beta.3 - Enrich formatted output of oras discover
ORAS Community · 2025-04-28 · via OCI Registry As Storage Blog

The ORAS Community is thrilled to announce the release of ORAS v1.3.0-beta.3! This milestone continues our vision to make managing OCI artifacts easier, faster, and more intuitive for users and developers.

This release includes new features, critical improvements, and bug fixes as we fine-tune ORAS for the upcoming stable release. Let’s dive into what’s new!

✨ What's New?

OCI referrers is to associate additional artifacts with a container image without modifying the original image itself. Referrers are useful for software supply chain security, metadata enrichment, and artifact management.

oras discover provides structured output to show OCI referrers of a manifest in a registry or an OCI image layout. Previously, oras discover only shows direct referrers with limited metadata. Since this release, the output of oras discover has been enriched with showing all referrers recursively in all formatted outputs (tree, JSON, go-template) with annotations displayed by default. The subject manifest details is added to oras discover JSON output. It provides an informative output and ensures data consistency of different data formats in the output.

The tree view has better readability with colored-code visual effect on console as the screenshot shows below.

oras tree view

In addition, oras introduces an experimental --depth flag for oras discover, allowing users to specify the maximum depth of referrers in the formatted output. It avoids throttling or performance issues when a subject image has a complex referrer graph. For example, users can list the direct referrers of a subject image by specifying --depth 1 as the screenshot below.

oras tree view

Breaking Changes and Deprecation You Should Know

  • The global flag --no-tty flag has been removed, now available only for oras commands that need TTY behavior, improves consistency across commands.
  • The property manifests has been renamed to referrers in the JSON output of oras discover
  • The table output format is deprecated for oras discover

A sample output of oras discover in JSON format:

oras discover ghcr.io/kyverno/test-verify-image:signed --format json
{
  "reference": "ghcr.io/kyverno/test-verify-image@sha256:b31bfb4d0213f254d361e0079deaaebefa4f82ba7aa76ef82e90b4935ad5b105",
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
  "digest": "sha256:b31bfb4d0213f254d361e0079deaaebefa4f82ba7aa76ef82e90b4935ad5b105",
  "size": 938,
  "referrers": [
    {
      "reference": "ghcr.io/kyverno/test-verify-image@sha256:7f870420d92765b42cec0f71ee8e25bf39b692f64d95d6f6607e9e6e54300265",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:7f870420d92765b42cec0f71ee8e25bf39b692f64d95d6f6607e9e6e54300265",
      "size": 738,
      "annotations": {
        "io.cncf.notary.x509chain.thumbprint#S256": "[\"da1f2d7d648dfacc7ebd59f98a9f35c753c331d80ca4280bb94060f4af4a5357\"]",
        "org.opencontainers.image.created": "2023-05-22T21:45:06Z"
      },
      "artifactType": "application/vnd.cncf.notary.signature"
    },
    {
      "reference": "ghcr.io/kyverno/test-verify-image@sha256:f89cb7a0748c63a674d157ca84d725ff3ac09cc2d4aee9d0ec4315e0fe92a5fd",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:f89cb7a0748c63a674d157ca84d725ff3ac09cc2d4aee9d0ec4315e0fe92a5fd",
      "size": 699,
      "annotations": {
        "org.opencontainers.image.created": "2023-05-25T16:13:11Z"
      },
      "artifactType": "vulnerability-scan",
      "referrers": [
        {
          "reference": "ghcr.io/kyverno/test-verify-image@sha256:ec45844601244aa08ac750f44def3fd48ddacb736d26b83dde9f5d8ac646c2f3",
          "mediaType": "application/vnd.oci.image.manifest.v1+json",
          "digest": "sha256:ec45844601244aa08ac750f44def3fd48ddacb736d26b83dde9f5d8ac646c2f3",
          "size": 728,
          "annotations": {
            "io.cncf.notary.x509chain.thumbprint#S256": "[\"da1f2d7d648dfacc7ebd59f98a9f35c753c331d80ca4280bb94060f4af4a5357\"]",
            "org.opencontainers.image.created": "2023-05-25T16:19:29Z"
          },
          "artifactType": "application/vnd.cncf.notary.signature"
        }
      ]
    },
    {
      "reference": "ghcr.io/kyverno/test-verify-image@sha256:8cad9bd6de426683424a204697dd48b55abcd6bb6b4930ad9d8ade99ae165414",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:8cad9bd6de426683424a204697dd48b55abcd6bb6b4930ad9d8ade99ae165414",
      "size": 695,
      "annotations": {
        "org.opencontainers.image.created": "2023-05-25T16:17:41Z"
      },
      "artifactType": "sbom/cyclone-dx",
      "referrers": [
        {
          "reference": "ghcr.io/kyverno/test-verify-image@sha256:61f3e42f017b72f4277c78a7a42ff2ad8f872811324cd984830dfaeb4030c322",
          "mediaType": "application/vnd.oci.image.manifest.v1+json",
          "digest": "sha256:61f3e42f017b72f4277c78a7a42ff2ad8f872811324cd984830dfaeb4030c322",
          "size": 728,
          "annotations": {
            "io.cncf.notary.x509chain.thumbprint#S256": "[\"da1f2d7d648dfacc7ebd59f98a9f35c753c331d80ca4280bb94060f4af4a5357\"]",
            "org.opencontainers.image.created": "2023-05-25T16:20:01Z"
          },
          "artifactType": "application/vnd.cncf.notary.signature"
        }
      ]
    },
    {
      "reference": "ghcr.io/kyverno/test-verify-image@sha256:aa886b475b431a37baa0e803765a9212f0accece0b82a131ebafd43ea78fa1f8",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:aa886b475b431a37baa0e803765a9212f0accece0b82a131ebafd43ea78fa1f8",
      "size": 681,
      "annotations": {
        "org.opencontainers.artifact.description": "CycloneDX JSON SBOM"
      },
      "artifactType": "application/vnd.cyclonedx+json",
      "referrers": [
        {
          "reference": "ghcr.io/kyverno/test-verify-image@sha256:00c5f96577878d79b545d424884886c37e270fac5996f17330d77a01a96801eb",
          "mediaType": "application/vnd.oci.image.manifest.v1+json",
          "digest": "sha256:00c5f96577878d79b545d424884886c37e270fac5996f17330d77a01a96801eb",
          "size": 728,
          "annotations": {
            "io.cncf.notary.x509chain.thumbprint#S256": "[\"da1f2d7d648dfacc7ebd59f98a9f35c753c331d80ca4280bb94060f4af4a5357\"]",
            "org.opencontainers.image.created": "2023-07-10T16:55:36Z"
          },
          "artifactType": "application/vnd.cncf.notary.signature"
        },
        {
          "reference": "ghcr.io/kyverno/test-verify-image@sha256:f3dc4687f5654ea8c2bc8da4e831d22a067298e8651fb59d55565dee58e94e2d",
          "mediaType": "application/vnd.oci.image.manifest.v1+json",
          "digest": "sha256:f3dc4687f5654ea8c2bc8da4e831d22a067298e8651fb59d55565dee58e94e2d",
          "size": 728,
          "annotations": {
            "io.cncf.notary.x509chain.thumbprint#S256": "[\"da1f2d7d648dfacc7ebd59f98a9f35c753c331d80ca4280bb94060f4af4a5357\"]",
            "org.opencontainers.image.created": "2023-07-10T16:56:36Z"
          },
          "artifactType": "application/vnd.cncf.notary.signature"
        }
      ]
    },
    ...

There are a few bug fixes and a deprecated feature in this release. For a concrete changelog, please see ORAS CLI v1.3.0-beta.3 Release Notes.

You can follow this installation guidance to install ORAS v1.3.0-beta.3 and have a try. Feedback is crucial at this stage. If you run into issues or have suggestions, please open an issue. Join the Slack channel in CNCF and find us at oras channel.

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。