Open Component Model

An open standard to describe software artifact delivery.

Open-source Apache-2.0 Licensed. GitHub v0.8.0

What is the Open Component Model?

The Open Component Model (OCM) is an open standard to describe Software Bills of Delivery (SBOD). It is a technology-agnostic and machine-readable format and focuses on software artifacts that need to be delivered securely across boundaries. At the same time, it maintains integrity and provenance along the supply chain.

Describe

Describe the resources and source repositories of a software product in code. Signing provides verifiable digests of the content.

Transport

Transport resource contents to any environment, be it public cloud, on-prem, or air-gapped.

Deploy

Leverage built-in Flux integration to seamlessly automate the deployment of components via GitOps.

Yet another SBOM?

Although OCM may seem similar to both package management tools and SBOMs, it is actually neither.


An SBOM describes the constituent parts of a software product required during the development process. In contrast, OCM describes those parts necessary for delivery and deployment. We think of this as a Software Bill of Delivery (SBOD).

Deploying to Airgap with Flux & OCM

Try it yourself here.