Open-Source Apache-2.0 licensed. GitHub v0.33.0

Deliver and deploy

your software securely.

Anywhere, at any scale.

The Open Component Model (OCM) is your one-stop open-source

Software Bill of Delivery (SBoD)

for packaging, signing, transporting and deploying your artifacts – preserving end-to-end security, integrity and provenance.

Get Started

How OCM Works

πŸ“

Describe

Define components in code with powerful lifecycle metadata.

πŸ”

Sign

Add cryptographic signatures. End-to-end trust from source to deployment.

🚚

Transport

Works across boundaries β€” public cloud, on-prem, air-gapped. Tamper-proof.

πŸš€

Deploy

Automate deployments with OCM controllers and Flux. Seamless GitOps.

Dive Deeper

Why Choose OCM?

πŸ“¦ Create a Software Bill of Delivery

Gain visibility into everything you deliver β€” from container images to configuration files.

πŸ”’ Protect Your Supply Chain

Secure the integrity and provenance of your software with built-in signing and verification.

🌐 Deploy Anywhere, Even Air-Gapped

Deliver across any system or environment without loosing traceability.

βš™οΈ Works with Your Existing Tools

OCM fits seamlessly into your current ecosystem and workflows.

πŸ”§ Adapts to Your Needs

OCM's functionality is easy to extend. Just plug in what you need.

🀝 Committed to Open Source

We champion open innovation β€” in OCM and across the community.