Skip to main content

Zot

Zot is an open-source OCI-compliant artifact registry server (container registry) designed for cloud-native environments and supply chain security workflows.

  • OCI-compliant container and artifact registry server (container registry, software supply chain)
  • Support for OCI images, artifacts, and registries including the distribution-spec (container registry, open standards)
  • Built-in features for image management, discovery, and retention such as search and garbage collection (container lifecycle management)
  • Security-oriented capabilities such as Software Bill of Materials (SBOM) handling and support for modern supply chain practices (software supply chain security)
  • Embeddable and deployable as a standalone service for on-premises (on-prem) or cloud-native platforms (cloud-native infrastructure)

More About Zot

Zot is an OCI-compliant registry server (container registry) that implements the Open Container Initiative distribution specification for storing and serving container images and other OCI artifacts. It operates as a pull-through cache and registry engine for organizations that need local control over image storage while adhering to common container distribution standards. As an artifact registry, Zot focuses on the cloud-native ecosystem where containers, Helm charts, and related artifacts must be distributed consistently across build, test, and production environments.

The project provides a registry implementation (container registry) with APIs compatible with the OCI distribution-spec, allowing standard container tooling to interact with it for pushing, pulling, and managing images. Zot supports the storage and retrieval of OCI images and generic artifacts, enabling workflows that use software bills of materials (SBOMs), signatures, and other metadata formats that can be modeled as OCI artifacts. Its architecture is designed to run as a standalone binary or to be embedded into other Go applications, which allows platform teams to integrate registry capabilities into bespoke platforms, developer portals, or internal tools.

Core capabilities include repository and tag management, garbage collection and storage optimization (container lifecycle management), image search and discovery capabilities (developer tooling), and policy-oriented configuration such as access control and read-only modes (access control). Zot also aligns with cloud-native deployment patterns (cloud-native infrastructure), and can be deployed on Kubernetes or other container orchestration platforms using standard manifests and configuration files.

In enterprise or institutional settings, Zot is used as an internal registry for container images and OCI artifacts, supporting software supply chain workflows (DevSecOps). Teams can integrate it into Continuous Integration and Continuous Deployment (CI/CD) pipelines to push build outputs, store SBOMs as artifacts alongside images, and mirror public registries into a controlled environment for compliance and reliability. Because it implements the OCI distribution-spec, existing container tooling, such as Docker-compatible clients and Kubernetes, can communicate with Zot without custom integrations, which places the project within the broader ecosystem of standards-based registries.

From a directory and taxonomy perspective, Zot belongs in categories such as container registries, OCI-compliant artifact registries, and software supply chain infrastructure. It is relevant for platform engineering, DevOps, and security teams that require a registry server they can run on-prem or within their preferred cloud infrastructure while maintaining compatibility with OCI standards and modern container-native practices.