Zot

Zot is an OCI-native container image and artifact registry that implements the OCI Distribution and Image specifications. It is designed as a single, statically-built binary with optional feature sets (full/minimal) and provides a web UI and CLI for managing images and artifacts.

Key Features

• OCI-compliant registry implementing the OCI Distribution and Image specifications (registry APIs compatible with Docker clients).
• Single static binary distribution with full and minimal builds to balance features vs. attack surface.
• Local filesystem and Amazon S3 storage backend support with deduplication, garbage collection, and configurable commit/gc behavior.
• Built-in authentication and authorization, image signature support (cosign/notation) and security-focused configuration options.
• Web-based UI and a command-line client (zli) plus benchmarking tooling (zb); separate React-based UI repository is available.
• Features for mirroring, clustering/scale-out deployment, and integration guides for Kubernetes/Helm.

Use Cases

• Host and serve container images and OCI artifacts for on-premise or cloud-native CI/CD pipelines, supporting Docker-compatible clients.
• Provide a lightweight, standards-compliant registry for edge, embedded, or constrained environments via the minimal binary build.
• Run a scale-out registry with S3-backed storage and clustering for high-availability distribution of artifacts.

Limitations and Considerations

• S3 remote storage support is limited to AWS S3-compatible APIs (configure credentials or IAM roles as required); other cloud-specific backends are not listed as supported in official docs.

Zot is a focused, standards-first registry implementation intended for production use where OCI compliance, simple deployment (single binary), and storage flexibility matter. It is suitable for both lightweight edge deployments and larger clustered registries when combined with the provided clustering and mirroring features.