Projects

   Open Container Initiative (chair of the technical oversight board)

The Open Container Initiative is an open governance structure for the express purpose of creating open industry standards around container formats and runtimes.

Established in June 2015 by Docker and other leaders in the container industry, the OCI currently contains three specifications: the Runtime Specification (runtime-spec), the Image Specification (image-spec), and the Distribution Specification (distribution-spec).

The Technical Oversight Board (TOB) is responsible for managing conflicts, violations of procedures or guidelines and any cross-project or high-level issues that cannot be resolved in the Technical Developer Community for OCI Projects. The TOB is also responsible for adding, removing or reorganizing OCI Projects.

   containerd (maintainer & security advisor)

containerd is an industry-standard container runtime and a project of the Cloud Native Computing Foundation. containerd provides an intentionally-limited and focused set of functionality with an extensible architecture.

As a Security Advisor with the containerd project, I help triage incoming security reports with industry-informed experience, contribute to fixes and backports, assist with testing, and organize coordinated disclosures under embargo.

Read more about security advisors and check out containerd’s security advisories.

   Docker / Moby (maintainer)

Docker popularized Linux containers and remains the most popular development environment for container-driven workloads. Docker helps people run applications in an image-based, isolated fashion.

The Moby project was spun off from the main Docker runtime in 2017 and now houses the core open-source components for Docker.

My first large contribution to Docker / Moby was the Amazon CloudWatch Logs driver, which helps send container output to CloudWatch Logs.

   runj (author)

runj is an experimental, proof-of-concept OCI-compatible runtime for FreeBSD jails. runj aims to bring the container ecosystem to FreeBSD using native features like jails.

   Bottlerocket (former maintainer, no longer involved)

Bottlerocket is a free and open-source Linux-based operating system meant for hosting containers. Bottlerocket focuses on security and maintainability, providing a reliable, consistent, and safe platform for container-based workloads. The base operating system has just what you need to run containers reliably, and is built with standard open-source components. Bottlerocket-specific additions focus on reliable updates and on the API.

   firecracker-containerd (former maintainer, no longer involved)

The Firecracker VMM is a virtual machine manager optimized for container-like virtual machines (termed “microVMs”) with fast startup, a limited device model, and fixed lifetimes.

This project enables the use of the containerd container runtime to manage Firecracker microVMs using familiar container ecosystem tools and conventions.

   Firecracker SDK for Go (former maintainer, no longer involved)

The Firecracker SDK for Go is an SDK for interacting with the Firecracker VMM API from the Go programming language. The SDK provides a higher-level abstraction on top of the raw API and optimizes for sane, safe defaults while allowing developers the flexibility to override when necessary.

   firectl (former maintainer, no longer involved)

firectl is a simple command-line interface for interacting with the Firecracker VMM to create and run virtual machines without having to directly interact with the API.

   Amazon ECS Container Agent (former maintainer, no longer involved)

The Amazon ECS Container Agent is the on-host component of Amazon Elastic Container Service. The agent is responsible for interfacing between the container runtime and the Amazon ECS backend.

   Amazon ECR Credential Helper (original author, no longer involved)

The Amazon ECR Credential Helper is a Docker credential helper that makes it easier to use Amazon Elastic Container Registry to push and pull Docker container images.

   Amazon ECR containerd resolver (original author, no longer involved)

containerd makes pulling images more flexible, since images are pulled in client software rather than by the containerd daemon. The Amazon ECR containerd resolver is a library that can be used by software integrating with containerd to pull images from Amazon ECR using the native API. This resolver has the capability to perform multi-part downloads of layers, which improves the transfer time for images.

   purple-docker (author)

Haven’t you always wanted to chat with your containers? Now, with purple-docker, you can!

purple-docker implements a protocol plugin (prpl) that tracks running Docker containers in your buddy list and presents STDIO via the chat interface.