The Open Component Model (OCM) is your one-stop open-source
Software Bill of Delivery (SBoD)
for packaging, signing, transporting and deploying your artifacts β preserving end-to-end security, integrity and provenance.
Get StartedDefine components in code with powerful lifecycle metadata.
Add cryptographic signatures. End-to-end trust from source to deployment.
Works across boundaries β public cloud, on-prem, air-gapped. Tamper-proof.
Automate Deployments with OCM Controllers and Flux. Seamless GitOps.
A unified, machine-readable format for everything you deliver.
Component-level signatures that verify everything. Ironclad provenance at every step.
Deploy anywhere: public, on-prem, air-gapped. Cross-boundary transfers without compromise.
OCM Coordinates connect all lifecycle phases. One global view for visibility from build to deployment.
Integrate your pipelines through OCM tooling. Zero custom code needed β just plug and play