

An open standard to describe software artifact delivery.
Open-source Apache-2.0 Licensed. GitHub v0.4.1
What is the Open Component Model?
The Open Component Model (OCM) is an open standard to describe Software Bills of Delivery (SBOD). OCM is a technology-agnostic and machine-readable format focused on software artifacts that must be delivered securely across boundaries, whilst maintaining integrity and provenance along the supply chain.

Describe
Describe the resources and source repositories of a software product in code. Signing provides verifiable digests of the content.

Transport
Transport resource contents to any environment, be it public cloud, on-prem, or air-gapped.

Deploy
Leverage built-in Flux integration to seamlessly automate the deployment of components via GitOps.
Yet another SBOM?
Whilst OCM may appear similar to both package management tools and the Software Bill of Materials (SBOM), in truth it is neither.
An SBOM describes the constituent parts of a software product required during the development process. In contrast, OCM describes those parts necessary for delivery and deployment. We think of this as a Software Bill of Delivery (SBOD).