Open Component Model Logo Open Component Model Logo

Open-Source Apache-2.0 licensed. GitHub v0.11.0

What is the Open Component Model?

OCM is an open standard for describing software artifacts and lifecycle metadata. It is a technology-agnostic and machine-readable format and focuses on software artifacts that need to be delivered securely across boundaries. At the same time, it maintains integrity and provenance along the complete supply chain.

With the unique identifier of OCM components acting as correlation ID, it enables the alignment of different, possibly asynchronous processes and tools across all stages of the software lifecycle.

Although OCM may seem similar to both package management tools and SBOM, it is actually neither. An SBOM describes the constituent parts of a software product required during the development process. In contrast, OCM describes those parts necessary for delivery and deployment.

We think of it as a Software Bill of Delivery (SBOD).


Describe resources and source repositories of a software product in code. Sign them for uncompromised integrity.


Transport content to any environment, be it public cloud, on-prem, or air-gapped. OCM ensures secure transport across boundaries.


Leverage built-in Flux integration to seamlessly automate the deployment of components via GitOps.

Deploying to Airgap with Flux & OCM

Try it yourself here.