{"id":13509494,"url":"https://github.com/opencontainers/runtime-spec","last_synced_at":"2026-03-27T04:11:28.967Z","repository":{"id":33315551,"uuid":"36960293","full_name":"opencontainers/runtime-spec","owner":"opencontainers","description":"OCI Runtime Specification","archived":false,"fork":false,"pushed_at":"2025-08-18T07:13:22.000Z","size":1761,"stargazers_count":3425,"open_issues_count":97,"forks_count":580,"subscribers_count":203,"default_branch":"main","last_synced_at":"2025-08-18T09:19:55.344Z","etag":null,"topics":["containers","docker","oci","runc"],"latest_commit_sha":null,"homepage":"http://www.opencontainers.org","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/opencontainers.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":"GOVERNANCE.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2015-06-05T23:30:10.000Z","updated_at":"2025-08-18T07:13:26.000Z","dependencies_parsed_at":"2023-02-14T08:17:28.820Z","dependency_job_id":"91d1a1a0-3a83-4541-97a2-8452f93e3833","html_url":"https://github.com/opencontainers/runtime-spec","commit_stats":{"total_commits":880,"total_committers":121,"mean_commits":"7.2727272727272725","dds":0.7272727272727273,"last_synced_commit":"2d3f72ecad9e97c898e1eb04b899a51241f1cabd"},"previous_names":["opencontainers/specs"],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/opencontainers/runtime-spec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencontainers%2Fruntime-spec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencontainers%2Fruntime-spec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencontainers%2Fruntime-spec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencontainers%2Fruntime-spec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/opencontainers","download_url":"https://codeload.github.com/opencontainers/runtime-spec/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencontainers%2Fruntime-spec/sbom","scorecard":{"id":355064,"data":{"date":"2025-08-11","repo":{"name":"github.com/opencontainers/runtime-spec","commit":"bfdffd548aa6ec0a923234cdd3872887274efb37"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.5,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":3,"reason":"4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":4,"reason":"dependency not pinned by hash detected -- score normalized to 4","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/opencontainers/runtime-spec/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/opencontainers/runtime-spec/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/opencontainers/runtime-spec/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/opencontainers/runtime-spec/lint.yml/main?enable=pin","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.2.1 not signed: https://api.github.com/repos/opencontainers/runtime-spec/releases/202786237","Warn: release artifact v1.2.0 not signed: https://api.github.com/repos/opencontainers/runtime-spec/releases/141800988","Warn: release artifact v1.1.0 not signed: https://api.github.com/repos/opencontainers/runtime-spec/releases/113178068","Warn: release artifact v1.1.0-rc.3 not signed: https://api.github.com/repos/opencontainers/runtime-spec/releases/108097653","Warn: release artifact v1.1.0-rc.2 not signed: https://api.github.com/repos/opencontainers/runtime-spec/releases/99745021","Warn: release artifact v1.2.1 does not have provenance: https://api.github.com/repos/opencontainers/runtime-spec/releases/202786237","Warn: release artifact v1.2.0 does not have provenance: https://api.github.com/repos/opencontainers/runtime-spec/releases/141800988","Warn: release artifact v1.1.0 does not have provenance: https://api.github.com/repos/opencontainers/runtime-spec/releases/113178068","Warn: release artifact v1.1.0-rc.3 does not have provenance: https://api.github.com/repos/opencontainers/runtime-spec/releases/108097653","Warn: release artifact v1.1.0-rc.2 does not have provenance: https://api.github.com/repos/opencontainers/runtime-spec/releases/99745021"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/opencontainers/.github/SECURITY.md:1","Info: Found linked content: github.com/opencontainers/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/opencontainers/.github/SECURITY.md:1","Info: Found text in security policy: github.com/opencontainers/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T09:20:12.053Z","repository_id":33315551,"created_at":"2025-08-18T09:20:12.053Z","updated_at":"2025-08-18T09:20:12.053Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274361067,"owners_count":25271136,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["containers","docker","oci","runc"],"created_at":"2024-08-01T02:01:08.572Z","updated_at":"2025-12-15T22:29:04.056Z","avatar_url":"https://github.com/opencontainers.png","language":"Go","readme":"# Open Container Initiative Runtime Specification\n\n[![GitHub Actions status](https://github.com/opencontainers/runtime-spec/workflows/build/badge.svg)](https://github.com/opencontainers/runtime-spec/actions?query=workflow%3Abuild)\n\nThe [Open Container Initiative][oci] develops specifications for standards on Operating System process and application containers.\n\nThe specification can be found [here](spec.md).\n\n## Table of Contents\n\nAdditional documentation about how this group operates:\n\n- [Code of Conduct][code-of-conduct]\n- [Style and Conventions](style.md)\n- [Implementations](implementations.md)\n- [Releases](RELEASES.md)\n- [charter][charter]\n\n## Use Cases\n\nTo provide context for users the following section gives example use cases for each part of the spec.\n\n### Application Bundle Builders\n\nApplication bundle builders can create a [bundle](bundle.md) directory that includes all of the files required for launching an application as a container.\nThe bundle contains an OCI [configuration file](config.md) where the builder can specify host-independent details such as [which executable to launch](config.md#process) and host-specific settings such as [mount](config.md#mounts) locations, [hook](config.md#posix-platform-hooks) paths, Linux [namespaces](config-linux.md#namespaces) and [cgroups](config-linux.md#control-groups).\nBecause the configuration includes host-specific settings, application bundle directories copied between two hosts may require configuration adjustments.\n\n### Hook Developers\n\n[Hook](config.md#posix-platform-hooks) developers can extend the functionality of an OCI-compliant runtime by hooking into a container's lifecycle with an external application.\nExample use cases include sophisticated network configuration, volume garbage collection, etc.\n\n### Runtime Developers\n\nRuntime developers can build runtime implementations that run OCI-compliant bundles and container configuration, containing low-level OS and host-specific details, on a particular platform.\n\n## Contributing\n\nDevelopment happens on GitHub for the spec.\nIssues are used for bugs and actionable items and longer discussions can happen on the [mailing list](#mailing-list).\n\nThe specification and code is licensed under the Apache 2.0 license found in the [LICENSE](./LICENSE) file.\n\n### Discuss your design\n\nThe project welcomes submissions, but please let everyone know what you are working on.\n\nBefore undertaking a nontrivial change to this specification, send mail to the [mailing list](#mailing-list) to discuss what you plan to do.\nThis gives everyone a chance to validate the design, helps prevent duplication of effort, and ensures that the idea fits.\nIt also guarantees that the design is sound before code is written; a GitHub pull-request is not the place for high-level discussions.\n\nTypos and grammatical errors can go straight to a pull-request.\nWhen in doubt, start on the [mailing-list](#mailing-list).\n\n### Meetings\n\nPlease see the [OCI org repository README](https://github.com/opencontainers/org#meetings) for the most up-to-date\ninformation on OCI contributor and maintainer meeting schedules. You can also find links to meeting agendas and\nminutes for all prior meetings.\n\n### Mailing List\n\nYou can subscribe and join the mailing list on [Google Groups][dev-list].\n\n### Chat\n\nOCI discussion happens in the following chat rooms, which are all bridged together:\n\n- #general channel on [OCI Slack](https://opencontainers.org/community/overview/#chat)\n- #opencontainers:matrix.org\n\n### Git commit\n\n#### Sign your work\n\nThe sign-off is a simple line at the end of the explanation for the patch, which certifies that you wrote it or otherwise have the right to pass it on as an open-source patch.\nThe rules are pretty simple: if you can certify the below (from https://developercertificate.org):\n\n```\nDeveloper Certificate of Origin\nVersion 1.1\n\nCopyright (C) 2004, 2006 The Linux Foundation and its contributors.\n660 York Street, Suite 102,\nSan Francisco, CA 94110 USA\n\nEveryone is permitted to copy and distribute verbatim copies of this\nlicense document, but changing it is not allowed.\n\n\nDeveloper's Certificate of Origin 1.1\n\nBy making a contribution to this project, I certify that:\n\n(a) The contribution was created in whole or in part by me and I\n    have the right to submit it under the open source license\n    indicated in the file; or\n\n(b) The contribution is based upon previous work that, to the best\n    of my knowledge, is covered under an appropriate open source\n    license and I have the right under that license to submit that\n    work with modifications, whether created in whole or in part\n    by me, under the same open source license (unless I am\n    permitted to submit under a different license), as indicated\n    in the file; or\n\n(c) The contribution was provided directly to me by some other\n    person who certified (a), (b) or (c) and I have not modified\n    it.\n\n(d) I understand and agree that this project and the contribution\n    are public and that a record of the contribution (including all\n    personal information I submit with it, including my sign-off) is\n    maintained indefinitely and may be redistributed consistent with\n    this project or the open source license(s) involved.\n```\n\nthen you just add a line to every git commit message:\n\n    Signed-off-by: Joe Smith \u003cjoe@gmail.com\u003e\n\nusing your real name (sorry, no pseudonyms or anonymous contributions.)\n\nYou can add the sign off when creating the git commit via `git commit -s`.\n\n#### Commit Style\n\nSimple house-keeping for clean git history.\nRead more on [How to Write a Git Commit Message][how-to-git-commit] or the Discussion section of [git-commit(1)][git-commit.1].\n\n1. Separate the subject from body with a blank line\n2. Limit the subject line to 50 characters\n3. Capitalize the subject line\n4. Do not end the subject line with a period\n5. Use the imperative mood in the subject line\n6. Wrap the body at 72 characters\n7. Use the body to explain what and why vs. how\n    * If there was important/useful/essential conversation or information, copy or include a reference\n8. When possible, one keyword to scope the change in the subject (i.e. \"README: ...\", \"runtime: ...\")\n\n\n[charter]: https://github.com/opencontainers/tob/blob/master/CHARTER.md\n[code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md\n[dev-list]: https://groups.google.com/a/opencontainers.org/forum/#!forum/dev\n[how-to-git-commit]: https://cbea.ms/git-commit/\n[iso-week]: https://en.wikipedia.org/wiki/ISO_week_date#Calculating_the_week_number_of_a_given_date\n[minutes]: https://ircbot.wl.linuxfoundation.org/meetings/opencontainers/\n[oci]: https://www.opencontainers.org\n[rfc5545]: https://tools.ietf.org/html/rfc5545\n[runtime-wiki]: https://github.com/opencontainers/runtime-spec/wiki\n[uberconference]: https://www.uberconference.com/opencontainers\n\n[git-commit.1]: https://git-scm.com/docs/git-commit\n","funding_links":[],"categories":["Misc","Go","runc","Specifications:","docker","CNAB"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopencontainers%2Fruntime-spec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopencontainers%2Fruntime-spec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopencontainers%2Fruntime-spec/lists"}