Proudly Announcing JFrog’s Full Conformance to OCI v1.1

JFrog has long supported standards widely used by developers, including OCI container images. We started with our OCI-compliant Docker registry, then followed up with dedicated JFrog Artifactory OCI repositories. In our continued commitment to developer freedom of choice, we’re excited to take another leap forward.

JFrog is now fully conformant to OCI v1.1. Source: OCI Conformance Page

JFrog is now fully certified to the OCI v1.1 standard. We are proud to be one of only two vendors who have made this commitment thus far. Available from JFrog Artifactory V7.90.1 for OCI and Helm OCI repositories, JFrog users can now get everything they need for their OCI packages.

What is OCI v1.1?

The Open Container Initiative (OCI) is a Linux Foundation project providing open standards for container formats and runtimes, and is widely adopted by developers. It seeks to optimize industry-wide interoperability while maintaining performance.

Originally announced in July 2023, OCI v1.1 is OCI’s latest specification for image, runtime, and distribution specifications. It offers developers more flexibility and integrity, and the ability to link images with one another (using the subject field). Additionally, the new artifactType field makes it easy to create tags to parse through artifacts.

Referrers API

One of the most interesting features in OCI v1.1 is the Referrers API, which offers a convenient approach to retrieve and filter the relationships between images using subject and artifactType. With Referrers API, and by leveraging JFrog Artifactory, you can transfer these relationships between different repositories with ease.

How Referrers API Works

The best way to illustrate the power of Referrers API is with examples.

Example 1:
Fetching All Subjects

Let’s say we have an image called Image A. Two other images, Image B and Image C, are related to Image A. To define these relationships, we can use the subject field to point both Image B and Image C to Image A.

With Referrers API, you’ll retrieve that Image B and Image C are related to Image A.

Example 2:
Fetching Specific Artifact Types

Now, let’s say you want to retrieve only specific artifact types. Let’s assume Image B is an SBOM artifact, and Image C is a signature artifact. Using the artifactType field, you can denote these references.

Using Referrers API, you can retrieve signature artifacts related to Image A, and Referrers API will correctly state that Image C as a signature related to Image A.

As you can see from these two examples, Referrers API in OCI v1.1 makes it easy to access valuable information that can be used to show the relationships of associated OCI packages.

OCI Containers and Repositories in JFrog Artifactory

JFrog’s support of OCI means you get seamless access to everything OCI within Artifactory. You can use OCI natively, securely, and reliably, all within a single point of truth.

For more information on how to get started, including sample code snippets, visit our Referrers API page on the JFrog Help Center. To see how JFrog allows you to do more with your OCI repos, take a tour of our platform or speak to a JFrog team member.