The ORAS community is thrilled to announce the ORAS CLI v1.3.0, a release packed with stability upgrades and pioneering capabilities. Beyond strengthening existing core functionality, this version introduces three major new features designed to elevate your artifact and registry management workflows:

1. Portable backup & restore of repositories and artifacts
2. Multi-platform image and artifact management
3. Rich formatted output for scripting and pipelines

Moreover, ORAS is now fully compliant with OCI distribution-spec v1.1.1.

Your Registry’s Safety Net: Portable Backup & Restore​

With oras backup and oras restore, ORAS now lets you save your registry content into local directories or tarballs (OCI image layout format) as a snapshot and restore to any registry. All manifests and optionally any tags, referrers will be included within the backup.

Use cases include:

• Air-Gapped Environments: Organizations operating in isolated or high-security environments can use oras backup to export artifacts from a registry to local filesystem, and use oras restore to import them into an internal registry with restricted access.
• Disaster Recovery and Audit Archival: Take periodic snapshots of repositories and store them off-site. In case of accidental deletions, outages, and long-term storage to support regulatory audits, oras restore can be used to quickly recover full registry content.
• Registry Migration: When moving from one container registry provider to another, the pair of commands enables a full repository export, preserving tags, manifests, layers, and referrers.
• Compliance and supply chain security guarantee: Backup and restore the images along with their supply chain artifacts, such as SBOMs, signatures, vulnerability scanning reports.
• Repository Duplication or Promotion: Move artifacts from dev to staging to prod registries reliably using an intermediate backup file.

Check out the user guide Backup and Restore of OCI Artifacts, Images, and Repositories for details.

Multi-platform Image and Artifact Management​

Multi-platform images are commonly used in IoT and Edge computing, particularly heterogeneous deployments. In addition, OpenTofu or Terraform modules are packed as platform-specific artifacts and stored as multi-platform artifact in OCI registries. Thanks to our community partner OpenTofu, now multi-platform artifact management is introduced in v1.3.0.

With oras manifest index create and oras manifest index update, you can easily assemble, update, distribute, and annotate multi-architecture images and artifacts across local environments and registries. Check out the user guide Create and Manage Multi-architecture Artifacts for details.

Enable Scripting and Automation: Formatted Output​

In automation pipelines, the difference between human-readable and machine-usable output can be the difference between clarity and chaos.

With this release, ORAS enables users to use the --format flag to format metadata output into structured data (e.g. JSON) and optionally use the --template flag with the Go template language. This has been enabled for commands like pull, push, attach, discover, and manifest fetch with support for output formats including JSON, Go templates, trees, and tables. You can even run computations with Sprig template functions as well.

• Use --format <DATA_FORMAT> to transform the output of ORAS commands into different formats including prettified JSON, tree, table view, and Go template, i.e. --format json|tree|table|go-template=GO_TEMPLATE.
• Use --template GO_TEMPLATE to compute and manipulate the output using Go templates based on the chosen data format.

Formatted output transforms ORAS from a simple terminal user tool to a DevOps-friendly, integrable developer tool. Check out the user guide Formatted output for details.

Stability & User Experience Polish​

This release also includes a number of enhancements that provides a better overall user experience and stability.

• Feature Stability Promotions: oras attach, oras pull --include-subject, and more are now Stable. oras resolve from Experimental to Preview.
• Discover UX: oras discover now displays referrers recursively by default; The maximum recursion depth can be controlled via the --depth flag
• Loong64 support: More platform options including loong64 open for users.
• Developer experience: Enhanced clarity within error messages, debugging logs, and a number of documentation updates.

Why This Release Matters​

Whether you're looking to backup and restore entire registries, publish multi-architecture bundles, or integrate ORAS into CI/CD pipelines, v1.3.0 brings the tools and the end-to-end artifact management solutions you need.

• Platform teams gain robust disaster recovery and migration tooling.
• DevOps engineers get the multi-arch flexibility needed for heterogeneous infrastructure.
• CI/CD and platform builders enjoy structured data outputs for reliable, scriptable workflows.
• Maintainers ship safer, cleaner, and more future-proof artifact workflows.

There are a few bug fixes and a deprecated feature in this release. For a concrete changelog, please see the ORAS v1.3.0 Release Notes.

Thanks to All Contributors​

Thanks to our existing maintainers @Wwwsylvia, @TerryHowe, @FeynmanZhou, @shizhMSFT, @sabre1041, @sajayantony, @qweeah who contributed to ORAS v1.3.0 and new contributors 🎉 @bcho, @njucjc, @nmiyake, @mauriciovasquezbernal, @Horiodino, @chrisguitarguy, @kysucix, @RohanMishra315, @apparentlymart, @tanyabhatnagar, @amazingfate 🚀.

You can follow the installation guidance to install ORAS v1.3.0 and try it out for yourself. End user feedback is essential in any open source project. If you run into issues or have any suggestions, please open an issue. To engage with the community, feel free to join the Slack channel in CNCF and find us in the oras channel.

The ORAS Community is thrilled to announce the release of ORAS v1.3.0-beta.3! This milestone continues our vision to make managing OCI artifacts easier, faster, and more intuitive for users and developers.

The ORAS project maintainers are proud to announce ORAS CLI v1.2.0 and ORAS-go v2.5.0. These two releases are ready for production use. ORAS CLI v1.2.0 introduces OCI Spec v1.1.0 support, formatted output, brand-new terminal experience with progress bar, and more! This article walks you through the notable features and how these enhancements benefit ORAS users as well as the cloud-native ecosystem.

ORAS Lightweight Cloud Registry​

Setting up a centralized cloud OCI registry is sometimes too much for small scale tests and proof of concepts!
What if I told you there was a lightweight alternative?

Welcomes new owners and maintainers​

With a supermajority vote from the existing ORAS Organization Owners, we are excited to announce that Terry Howe and Andrew Block have been accepted as new ORAS Organization owners. In addition, Billy Zha and Feynman Zhou been accepted as ORAS subproject maintainers.

The OCI Registry As Storage (ORAS) project maintainers announced two releases of v0.15 for the ORAS CLI recently. ORAS v0.15.0 introduces four new top-level commands and new options to manage tags and repositories for advanced use cases. Three weeks later, ORAS 0.15.1 also released with a few known bug fixes. Since the release of v0.15, ORAS CLI has evolved into a fully functional OCI registry client.

ORAS (OCI Registry As Storage) is an important tool out there for working with OCI artifacts and OCI registries. As one of the users and advocates of ORAS, I witnessed the growing trend in both user adoption and contributions in 2022. In this blog post I will share an end-to-end scenario with OPA Gatekeeper policies and ORAS, from including the steps from bundling to deployment.

Policies are rules expressed in YAML that not only afford meeting governance requirements, but also improve the security of Kubernetes workloads and clusters. Policy engines like OPA Gatekeeper, Kyverno or even the new Kubernetes's Validating Admission Policies feature help write and enforce such policies. Once the policies are written, however, how do we easily and securely share them with different projects and teams? How do we deploy them across the fleet of clusters? How do we evaluate them as early as possible in CI/CD pipelines?

ORAS is a tool for working with OCI artifacts and OCI registries. It allows you to distribute OCI artifacts across OCI Registries. ORAS was established and open-sourced in Dec 2018 and joined CNCF as a Sandbox project in June 2021.

As you can see, ORAS has a long history and is still growing since it has an active community behind it. I was fortunate to join the ORAS community as a release manager in May 2022 and growing with the project this year. So I write this article to share the growth of the active community and project iteration that I witnessed in 2022. Let’s look back at what’s been happening this year and what we can expect in 2023 and beyond.

The OCI Registry As Storage (ORAS) project maintainers announced v0.14 release for the ORAS CLI recently. ORAS v0.14 introduces four new top-level commands and new options to manage supply chain artifacts across different container registries and multi-cloud environments.

Today, the OCI Registry As Storage (ORAS) project maintainers are happy to announce the first draft release of artifacts-spec. The artifacts-spec defines how OCI distribution-based registry users can attach references to images, helm charts, and other OCI Artifacts.