Open-Source Apache-2.0 licensed. GitHub v0.24.0

Deliver and deploy

your software securely.

Anywhere, at any scale.

The Open Component Model (OCM) is your one-stop open-source

Software Bill of Delivery (SBoD)

for packaging, signing, transporting and deploying your artifacts – preserving end-to-end security, integrity and provenance.

Get Started

How OCM Works

πŸ“

Describe

Define components in code with powerful lifecycle metadata.

πŸ”

Sign

Add cryptographic signatures. End-to-end trust from source to deployment.

🚚

Transport

Works across boundaries β€” public cloud, on-prem, air-gapped. Tamper-proof.

πŸš€

Deploy

Automate Deployments with OCM Controllers and Flux. Seamless GitOps.

Why Choose OCM?

πŸ“¦ One Model for All Artifacts

A unified, machine-readable format for everything you deliver.

πŸ”’ Security & Integrity

Component-level signatures that verify everything. Ironclad provenance at every step.

🌐 Universal Delivery

Deploy anywhere: public, on-prem, air-gapped. Cross-boundary transfers without compromise.

πŸ”— End-to-End Traceability

OCM Coordinates connect all lifecycle phases. One global view for visibility from build to deployment.

βš™οΈ GitOps-Ready Automation

Integrate your pipelines through OCM tooling. Zero custom code needed β€” just plug and play