* [Podman v5.8.1](https://github.com/containers/podman) – Tool for managing containers, images, volumes, and pods with a focus on security and resource efficiency.

* [oci-seccomp-bpf-hook v1.3.0](https://github.com/containers/oci-seccomp-bpf-hook) – OCI hook that traces container syscalls with eBPF and generates seccomp profiles allowing observed calls and denying others.

* [runc v1.3.5](https://github.com/opencontainers/runc) – CLI tool for spawning and running containers on Linux according to the OCI specification.

* [containerd v2.2.2](https://github.com/containerd/containerd) – Industry-standard container runtime emphasizing simplicity, robustness, and portability.

* [BuildKit dockerfile/1.22.0](https://github.com/moby/buildkit) – Toolkit for converting source code to build artifacts efficiently and repeatably.

* [CRI-O v1.33.10](https://github.com/cri-o/cri-o) – OCI-based implementation facilitating integration between container runtimes and the Kubelet.

* [Unregistry v0.4.2](https://github.com/psviderski/unregistry) – Push Docker images to remote servers over SSH without an external registry.

* [apko v1.1.10](https://github.com/chainguard-dev/apko) – Build OCI container images directly from Alpine APK packages without Dockerfiles, producing declarative, reproducible, minimal images.

* [policy v0.3.5](https://github.com/opcr-io/policy) – CLI for building, versioning, and publishing authorization policies using OCI artifacts and OPA.

* [gVisor release-20260309.0](https://github.com/google/gvisor) – Application kernel providing strong isolation between applications and the host operating system.