Download
go-containerregistry is a Go library (with companion tools) for interacting with container images and registries using OCI/Docker formats. It provides primitives to read, write, mutate, sign, and copy images and indexes across registries without shelling out to Docker. High-level utilities like crane and gcrane offer convenient CLIs for everyday tasks—listing tags, copying images between registries, flattening, creating tarballs, and more. The library handles authentication via a pluggable keychain system that understands Docker config files, credential helpers, and environment credentials. It understands multiple on-disk layouts (tarball, OCI layout, remote) and lets you transform images in memory by adding or rebasing layers, adjusting config, and annotating manifests. Because everything is regular Go code, it’s straightforward to embed in CI/CD systems, policy engines, and bespoke supply-chain tooling.
Features
- Go APIs to pull, push, list, and mutate OCI/Docker images
- crane/gcrane CLIs for copy, tag, ls, save, and other operations
- Pluggable auth keychains for local and cloud registries
- Support for remote, tarball, and OCI-layout image stores
- In-memory image mutation: layers, config, annotations, indexes
- Building block for CI pipelines and supply-chain tools
Project Samples
