Finch
provides a simple client which is integrated with nerdctl. For the core build/run/push/pull commands, Finch depends upon nerdctl to handle the heavy lifting. It works with containerd for container management, and with BuildKit to handle Open Container Initiative (OCI) image builds. These components are all pulled together and run within a virtual machine managed by Lima.
#docker #containerd #buildkit #limaCopacetic
https://github.com/project-copacetic/copacetic
#docker #podman #container #buildkit #security
copa is a CLI tool written in Go and based on buildkit that can be used to directly patch container images without full rebuilds. copa can also patch container images using the vulnerability scanning results from popular tools like Trivy.
https://github.com/project-copacetic/copacetic
#docker #podman #container #buildkit #security