{"id":37110636,"url":"https://github.com/laincloud/containerd","last_synced_at":"2026-01-14T13:08:57.701Z","repository":{"id":57585709,"uuid":"174680769","full_name":"laincloud/containerd","owner":"laincloud","description":"An open and reliable container runtime","archived":false,"fork":true,"pushed_at":"2019-03-09T02:28:36.000Z","size":51048,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-06-20T13:32:49.765Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://containerd.io","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"containerd/containerd","license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/laincloud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY_AUDIT.pdf","support":null}},"created_at":"2019-03-09T10:40:58.000Z","updated_at":"2019-03-09T10:41:05.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/laincloud/containerd","commit_stats":null,"previous_names":[],"tags_count":60,"template":false,"template_full_name":null,"purl":"pkg:github/laincloud/containerd","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laincloud%2Fcontainerd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laincloud%2Fcontainerd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laincloud%2Fcontainerd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laincloud%2Fcontainerd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/laincloud","download_url":"https://codeload.github.com/laincloud/containerd/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laincloud%2Fcontainerd/sbom","scorecard":{"id":577330,"data":{"date":"2025-08-11","repo":{"name":"github.com/laincloud/containerd","commit":"a15b6e2097c48b632dbdc63254bad4c62b69e709"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.6,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: contrib/Dockerfile.test:10","Warn: containerImage not pinned by hash: contrib/Dockerfile.test:16","Warn: containerImage not pinned by hash: contrib/Dockerfile.test:22: pin your Docker image by updating golang:1.11 to golang:1.11@sha256:e972c78795b22d5cfab02ac410aa2305fcc036319a7af51065d1af583cd3ec04","Warn: goCommand not pinned by hash: script/setup/install-cni:28","Warn: goCommand not pinned by hash: script/setup/install-critools:23","Warn: goCommand not pinned by hash: script/setup/install-critools:25","Warn: goCommand not pinned by hash: script/setup/install-dev-tools:23","Warn: goCommand not pinned by hash: script/setup/install-dev-tools:24","Warn: goCommand not pinned by hash: script/setup/install-dev-tools:26","Warn: goCommand not pinned by hash: script/setup/install-runc:26","Info:   0 out of   3 containerImage dependencies pinned","Info:   0 out of   7 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"13 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: CVE-2021-28484","Warn: Project is vulnerable to: CVE-2020-15257","Warn: Project is vulnerable to: CVE-2021-21334","Warn: Project is vulnerable to: CVE-2021-32760","Warn: Project is vulnerable to: CVE-2021-41103","Warn: Project is vulnerable to: CVE-2021-43816","Warn: Project is vulnerable to: CVE-2022-23471","Warn: Project is vulnerable to: CVE-2022-23648","Warn: Project is vulnerable to: CVE-2022-31030","Warn: Project is vulnerable to: CVE-2023-25153","Warn: Project is vulnerable to: CVE-2023-25173","Warn: Project is vulnerable to: CVE-2024-40635","Warn: Project is vulnerable to: CVE-2025-47290"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T18:11:34.118Z","repository_id":57585709,"created_at":"2025-08-20T18:11:34.118Z","updated_at":"2025-08-20T18:11:34.118Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28420825,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T13:08:56.892Z","updated_at":"2026-01-14T13:08:57.683Z","avatar_url":"https://github.com/laincloud.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"![containerd banner](https://raw.githubusercontent.com/cncf/artwork/master/containerd/horizontal/color/containerd-horizontal-color.png)\n\n[![GoDoc](https://godoc.org/github.com/containerd/containerd?status.svg)](https://godoc.org/github.com/containerd/containerd)\n[![Build Status](https://travis-ci.org/containerd/containerd.svg?branch=master)](https://travis-ci.org/containerd/containerd)\n[![Windows Build Status](https://ci.appveyor.com/api/projects/status/github/containerd/containerd?branch=master\u0026svg=true)](https://ci.appveyor.com/project/mlaventure/containerd-3g73f?branch=master)\n[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd.svg?type=shield)](https://app.fossa.io/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd?ref=badge_shield)\n[![Go Report Card](https://goreportcard.com/badge/github.com/containerd/containerd)](https://goreportcard.com/report/github.com/containerd/containerd)\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1271/badge)](https://bestpractices.coreinfrastructure.org/projects/1271)\n\ncontainerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\n\ncontainerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users.\n\n![architecture](design/architecture.png)\n\n## Getting Started\n\nSee our documentation on [containerd.io](https://containerd.io):\n* [for ops and admins](docs/ops.md)\n* [namespaces](docs/namespaces.md)\n* [client options](docs/client-opts.md)\n\nSee how to build containerd from source at [BUILDING](BUILDING.md).\n\nIf you are interested in trying out containerd see our example at [Getting Started](docs/getting-started.md).\n\n\n## Runtime Requirements\n\nRuntime requirements for containerd are very minimal. Most interactions with\nthe Linux and Windows container feature sets are handled via [runc](https://github.com/opencontainers/runc) and/or\nOS-specific libraries (e.g. [hcsshim](https://github.com/Microsoft/hcsshim) for Microsoft). The current required version of `runc` is always listed in [RUNC.md](/RUNC.md).\n\nThere are specific features\nused by containerd core code and snapshotters that will require a minimum kernel\nversion on Linux. With the understood caveat of distro kernel versioning, a\nreasonable starting point for Linux is a minimum 4.x kernel version.\n\nThe overlay filesystem snapshotter, used by default, uses features that were\nfinalized in the 4.x kernel series. If you choose to use btrfs, there may\nbe more flexibility in kernel version (minimum recommended is 3.18), but will\nrequire the btrfs kernel module and btrfs tools to be installed on your Linux\ndistribution.\n\nTo use Linux checkpoint and restore features, you will need `criu` installed on\nyour system. See more details in [Checkpoint and Restore](#checkpoint-and-restore).\n\nBuild requirements for developers are listed in [BUILDING](BUILDING.md).\n\n## Features\n\n### Client\n\ncontainerd offers a full client package to help you integrate containerd into your platform.\n\n```go\n\nimport (\n  \"github.com/containerd/containerd\"\n  \"github.com/containerd/containerd/cio\"\n)\n\n\nfunc main() {\n\tclient, err := containerd.New(\"/run/containerd/containerd.sock\")\n\tdefer client.Close()\n}\n\n```\n\n### Namespaces\n\nNamespaces allow multiple consumers to use the same containerd without conflicting with each other.  It has the benefit of sharing content but still having separation with containers and images.\n\nTo set a namespace for requests to the API:\n\n```go\ncontext = context.Background()\n// create a context for docker\ndocker = namespaces.WithNamespace(context, \"docker\")\n\ncontainerd, err := client.NewContainer(docker, \"id\")\n```\n\nTo set a default namespace on the client:\n\n```go\nclient, err := containerd.New(address, containerd.WithDefaultNamespace(\"docker\"))\n```\n\n### Distribution\n\n```go\n// pull an image\nimage, err := client.Pull(context, \"docker.io/library/redis:latest\")\n\n// push an image\nerr := client.Push(context, \"docker.io/library/redis:latest\", image.Target())\n```\n\n### Containers\n\nIn containerd, a container is a metadata object.  Resources such as an OCI runtime specification, image, root filesystem, and other metadata can be attached to a container.\n\n```go\nredis, err := client.NewContainer(context, \"redis-master\")\ndefer redis.Delete(context)\n```\n\n### OCI Runtime Specification\n\ncontainerd fully supports the OCI runtime specification for running containers.  We have built in functions to help you generate runtime specifications based on images as well as custom parameters.\n\nYou can specify options when creating a container about how to modify the specification.\n\n```go\nredis, err := client.NewContainer(context, \"redis-master\", containerd.WithNewSpec(oci.WithImageConfig(image)))\n```\n\n### Root Filesystems\n\ncontainerd allows you to use overlay or snapshot filesystems with your containers.  It comes with builtin support for overlayfs and btrfs.\n\n```go\n// pull an image and unpack it into the configured snapshotter\nimage, err := client.Pull(context, \"docker.io/library/redis:latest\", containerd.WithPullUnpack)\n\n// allocate a new RW root filesystem for a container based on the image\nredis, err := client.NewContainer(context, \"redis-master\",\n\tcontainerd.WithNewSnapshot(\"redis-rootfs\", image),\n\tcontainerd.WithNewSpec(oci.WithImageConfig(image)),\n)\n\n// use a readonly filesystem with multiple containers\nfor i := 0; i \u003c 10; i++ {\n\tid := fmt.Sprintf(\"id-%s\", i)\n\tcontainer, err := client.NewContainer(ctx, id,\n\t\tcontainerd.WithNewSnapshotView(id, image),\n\t\tcontainerd.WithNewSpec(oci.WithImageConfig(image)),\n\t)\n}\n```\n\n### Tasks\n\nTaking a container object and turning it into a runnable process on a system is done by creating a new `Task` from the container.  A task represents the runnable object within containerd.\n\n```go\n// create a new task\ntask, err := redis.NewTask(context, cio.Stdio)\ndefer task.Delete(context)\n\n// the task is now running and has a pid that can be use to setup networking\n// or other runtime settings outside of containerd\npid := task.Pid()\n\n// start the redis-server process inside the container\nerr := task.Start(context)\n\n// wait for the task to exit and get the exit status\nstatus, err := task.Wait(context)\n```\n\n### Checkpoint and Restore\n\nIf you have [criu](https://criu.org/Main_Page) installed on your machine you can checkpoint and restore containers and their tasks.  This allow you to clone and/or live migrate containers to other machines.\n\n```go\n// checkpoint the task then push it to a registry\ncheckpoint, err := task.Checkpoint(context)\n\nerr := client.Push(context, \"myregistry/checkpoints/redis:master\", checkpoint)\n\n// on a new machine pull the checkpoint and restore the redis container\ncheckpoint, err := client.Pull(context, \"myregistry/checkpoints/redis:master\")\n\nredis, err = client.NewContainer(context, \"redis-master\", containerd.WithNewSnapshot(\"redis-rootfs\", checkpoint))\ndefer container.Delete(context)\n\ntask, err = redis.NewTask(context, cio.Stdio, containerd.WithTaskCheckpoint(checkpoint))\ndefer task.Delete(context)\n\nerr := task.Start(context)\n```\n\n### Snapshot Plugins\n\nIn addition to the built-in Snapshot plugins in containerd, additional external\nplugins can be configured using GRPC. An external plugin is made available using\nthe configured name and appears as a plugin alongside the built-in ones.\n\nTo add an external snapshot plugin, add the plugin to containerd's config file\n(by default at `/etc/containerd/config.toml`). The string following\n`proxy_plugin.` will be used as the name of the snapshotter and the address\nshould refer to a socket with a GRPC listener serving containerd's Snapshot\nGRPC API. Remember to restart containerd for any configuration changes to take\neffect.\n\n```\n[proxy_plugins]\n  [proxy_plugins.customsnapshot]\n    type = \"snapshot\"\n    address =  \"/var/run/mysnapshotter.sock\"\n```\n\nSee [PLUGINS.md](PLUGINS.md) for how to create plugins\n\n### Releases and API Stability\n\nPlease see [RELEASES.md](RELEASES.md) for details on versioning and stability\nof containerd components.\n\n### Communication\n\nFor async communication and long running discussions please use issues and pull requests on the github repo.\nThis will be the best place to discuss design and implementation.\n\nFor sync communication we have a community slack with a #containerd channel that everyone is welcome to join and chat about development.\n\n**Slack:** Catch us in the #containerd and #containerd-dev channels on dockercommunity.slack.com.\n[Click here for an invite to docker community slack.](https://join.slack.com/t/dockercommunity/shared_invite/enQtNDY4MDc1Mzc0MzIwLTgxZDBlMmM4ZGEyNDc1N2FkMzlhODJkYmE1YTVkYjM1MDE3ZjAwZjBkOGFlOTJkZjRmZGYzNjYyY2M3ZTUxYzQ)\n\n### Security audit\n\nA third party security audit was performed by Cure53 in 4Q2018; the [full report](docs/SECURITY_AUDIT.pdf) is available in our docs/ directory.\n\n### Reporting security issues\n\n__If you are reporting a security issue, please reach out discreetly at security@containerd.io__.\n\n## Licenses\n\nThe containerd codebase is released under the [Apache 2.0 license](LICENSE.code).\nThe README.md file, and files in the \"docs\" folder are licensed under the\nCreative Commons Attribution 4.0 International License. You may obtain a\ncopy of the license, titled CC-BY-4.0, at http://creativecommons.org/licenses/by/4.0/.\n\n## Project details\n\n**containerd** is the primary open source project within the broader containerd GitHub repository.\nHowever, all projects within the repo have common maintainership, governance, and contributing\nguidelines which are stored in a `project` repository commonly for all containerd projects.\n\nPlease find all these core project documents, including the:\n * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md),\n * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS),\n * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md)\n\ninformation in our [`containerd/project`](https://github.com/containerd/project) repository.\n\n## Adoption\n\nInterested to see who is using containerd? Are you using containerd in a project?\nPlease add yourself via pull request to our [ADOPTERS.md](./ADOPTERS.md) file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaincloud%2Fcontainerd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaincloud%2Fcontainerd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaincloud%2Fcontainerd/lists"}