Open Component Model API
Open Component Model (OCM) provides a standard for describing software components in a supply chain, enabling teams to track, reference, and verify software artifacts.
OpenAPI Specification
openapi: 3.1.0
info:
title: Application Research Open Component Model API
version: 1.0.0
description: |
API for managing Open Component Model (OCM) component descriptors and configurations.
The Open Component Model provides a standard for describing software components,
their resources, sources, and dependencies in a technology-agnostic way.
contact:
name: OCM Project
url: https://ocm.software
license:
name: Apache-2.0
url: https://www.apache.org/licenses/LICENSE-2.0
servers:
- url: https://api.ocm.example.com/v1
description: Production server
- url: https://staging.ocm.example.com/v1
description: Staging server
tags:
- name: Components
description: Operations for managing component descriptors
- name: Configurations
description: Operations for managing component configurations
- name: Resources
description: Operations for managing component resources
- name: Signatures
description: Operations for component signing and verification
- name: Sources
description: Operations for managing component sources
paths:
/components:
get:
tags:
- Components
summary: Application Research List component descriptors
operationId: listComponents
parameters:
- $ref: '#/components/parameters/LimitParam'
- $ref: '#/components/parameters/OffsetParam'
- $ref: '#/components/parameters/ProviderFilterParam'
responses:
'200':
description: List of component descriptors
content:
application/json:
schema:
$ref: '#/components/schemas/ComponentDescriptorListResponse'
examples:
componentList:
$ref: '#/components/examples/ComponentDescriptorListResponse'
'400':
$ref: '#/components/responses/BadRequest'
'500':
$ref: '#/components/responses/InternalError'
post:
tags:
- Components
summary: Application Research Create a component descriptor
operationId: createComponent
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ComponentDescriptor'
examples:
webApplication:
$ref: '#/components/examples/WebApplicationComponentDescriptor'
responses:
'201':
description: Component descriptor created
content:
application/json:
schema:
$ref: '#/components/schemas/ComponentDescriptor'
examples:
webApplication:
$ref: '#/components/examples/WebApplicationComponentDescriptor'
'400':
$ref: '#/components/responses/BadRequest'
'409':
$ref: '#/components/responses/Conflict'
'500':
$ref: '#/components/responses/InternalError'
/components/{name}:
parameters:
- $ref: '#/components/parameters/ComponentNameParam'
get:
tags:
- Components
summary: Application Research Get a component descriptor by name
operationId: getComponent
parameters:
- $ref: '#/components/parameters/VersionQueryParam'
responses:
'200':
description: Component descriptor details
content:
application/json:
schema:
$ref: '#/components/schemas/ComponentDescriptor'
examples:
webApplication:
$ref: '#/components/examples/WebApplicationComponentDescriptor'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
put:
tags:
- Components
summary: Application Research Update a component descriptor
operationId: updateComponent
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ComponentDescriptor'
examples:
webApplication:
$ref: '#/components/examples/WebApplicationComponentDescriptor'
responses:
'200':
description: Component descriptor updated
content:
application/json:
schema:
$ref: '#/components/schemas/ComponentDescriptor'
examples:
webApplication:
$ref: '#/components/examples/WebApplicationComponentDescriptor'
'400':
$ref: '#/components/responses/BadRequest'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
delete:
tags:
- Components
summary: Application Research Delete a component descriptor
operationId: deleteComponent
parameters:
- $ref: '#/components/parameters/VersionQueryParam'
responses:
'204':
description: Component deleted successfully
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
/components/{name}/versions:
parameters:
- $ref: '#/components/parameters/ComponentNameParam'
get:
tags:
- Components
summary: Application Research List all versions of a component
operationId: listComponentVersions
responses:
'200':
description: List of component versions
content:
application/json:
schema:
$ref: '#/components/schemas/VersionListResponse'
examples:
versionList:
$ref: '#/components/examples/VersionListResponse'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
/components/{name}/resources:
parameters:
- $ref: '#/components/parameters/ComponentNameParam'
get:
tags:
- Resources
summary: Application Research List resources for a component
operationId: listComponentResources
parameters:
- $ref: '#/components/parameters/VersionQueryParam'
responses:
'200':
description: List of component resources
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceListResponse'
examples:
resourceList:
$ref: '#/components/examples/ResourceListResponse'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
post:
tags:
- Resources
summary: Application Research Add a resource to a component
operationId: addComponentResource
parameters:
- $ref: '#/components/parameters/VersionQueryParam'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/Resource'
examples:
ociImage:
$ref: '#/components/examples/OciImageResource'
helmChart:
$ref: '#/components/examples/HelmChartResource'
responses:
'201':
description: Resource added
content:
application/json:
schema:
$ref: '#/components/schemas/Resource'
examples:
ociImage:
$ref: '#/components/examples/OciImageResource'
'400':
$ref: '#/components/responses/BadRequest'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
/components/{name}/resources/{resourceName}:
parameters:
- $ref: '#/components/parameters/ComponentNameParam'
- $ref: '#/components/parameters/ResourceNameParam'
get:
tags:
- Resources
summary: Application Research Get a specific resource
operationId: getComponentResource
parameters:
- $ref: '#/components/parameters/VersionQueryParam'
responses:
'200':
description: Resource details
content:
application/json:
schema:
$ref: '#/components/schemas/Resource'
examples:
ociImage:
$ref: '#/components/examples/OciImageResource'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
delete:
tags:
- Resources
summary: Application Research Remove a resource from a component
operationId: deleteComponentResource
parameters:
- $ref: '#/components/parameters/VersionQueryParam'
responses:
'204':
description: Resource removed
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
/components/{name}/sources:
parameters:
- $ref: '#/components/parameters/ComponentNameParam'
get:
tags:
- Sources
summary: Application Research List sources for a component
operationId: listComponentSources
parameters:
- $ref: '#/components/parameters/VersionQueryParam'
responses:
'200':
description: List of component sources
content:
application/json:
schema:
$ref: '#/components/schemas/SourceListResponse'
examples:
sourceList:
$ref: '#/components/examples/SourceListResponse'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
post:
tags:
- Sources
summary: Application Research Add a source to a component
operationId: addComponentSource
parameters:
- $ref: '#/components/parameters/VersionQueryParam'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/Source'
examples:
gitSource:
$ref: '#/components/examples/GitHubSource'
responses:
'201':
description: Source added
content:
application/json:
schema:
$ref: '#/components/schemas/Source'
examples:
gitSource:
$ref: '#/components/examples/GitHubSource'
'400':
$ref: '#/components/responses/BadRequest'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
/components/{name}/references:
parameters:
- $ref: '#/components/parameters/ComponentNameParam'
get:
tags:
- Components
summary: Application Research List component references
operationId: listComponentReferences
parameters:
- $ref: '#/components/parameters/VersionQueryParam'
responses:
'200':
description: List of component references
content:
application/json:
schema:
$ref: '#/components/schemas/ComponentReferenceListResponse'
examples:
referenceList:
$ref: '#/components/examples/ComponentReferenceListResponse'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
post:
tags:
- Components
summary: Application Research Add a component reference
operationId: addComponentReference
parameters:
- $ref: '#/components/parameters/VersionQueryParam'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ComponentReference'
examples:
databaseRef:
$ref: '#/components/examples/ComponentReferenceDatabase'
responses:
'201':
description: Reference added
content:
application/json:
schema:
$ref: '#/components/schemas/ComponentReference'
examples:
databaseRef:
$ref: '#/components/examples/ComponentReferenceDatabase'
'400':
$ref: '#/components/responses/BadRequest'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
/components/{name}/signatures:
parameters:
- $ref: '#/components/parameters/ComponentNameParam'
get:
tags:
- Signatures
summary: Application Research List signatures for a component
operationId: listComponentSignatures
parameters:
- $ref: '#/components/parameters/VersionQueryParam'
responses:
'200':
description: List of signatures
content:
application/json:
schema:
$ref: '#/components/schemas/SignatureListResponse'
examples:
signatureList:
$ref: '#/components/examples/SignatureListResponse'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
post:
tags:
- Signatures
summary: Application Research Sign a component
operationId: signComponent
parameters:
- $ref: '#/components/parameters/VersionQueryParam'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/SignatureRequest'
examples:
rsaSignature:
$ref: '#/components/examples/SignatureRequest'
responses:
'201':
description: Component signed
content:
application/json:
schema:
$ref: '#/components/schemas/Signature'
examples:
signature:
$ref: '#/components/examples/Signature'
'400':
$ref: '#/components/responses/BadRequest'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
/components/{name}/signatures/{signatureName}/verify:
post:
tags:
- Signatures
summary: Application Research Verify a component signature
operationId: verifyComponentSignature
parameters:
- $ref: '#/components/parameters/ComponentNameParam'
- $ref: '#/components/parameters/SignatureNameParam'
- $ref: '#/components/parameters/VersionQueryParam'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationRequest'
examples:
verifyRequest:
$ref: '#/components/examples/VerificationRequest'
responses:
'200':
description: Verification result
content:
application/json:
schema:
$ref: '#/components/schemas/VerificationResult'
examples:
verified:
$ref: '#/components/examples/VerificationResultSuccess'
failed:
$ref: '#/components/examples/VerificationResultFailed'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
/configurations:
get:
tags:
- Configurations
summary: Application Research List component configurations
operationId: listConfigurations
parameters:
- $ref: '#/components/parameters/LimitParam'
- $ref: '#/components/parameters/OffsetParam'
responses:
'200':
description: List of configurations
content:
application/json:
schema:
$ref: '#/components/schemas/ConfigurationListResponse'
examples:
configList:
$ref: '#/components/examples/ConfigurationListResponse'
'500':
$ref: '#/components/responses/InternalError'
post:
tags:
- Configurations
summary: Application Research Create a component configuration
operationId: createConfiguration
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ComponentConfiguration'
examples:
mlPipeline:
$ref: '#/components/examples/MLPipelineConfiguration'
microservices:
$ref: '#/components/examples/MicroservicesConfiguration'
responses:
'201':
description: Configuration created
content:
application/json:
schema:
$ref: '#/components/schemas/ComponentConfiguration'
examples:
mlPipeline:
$ref: '#/components/examples/MLPipelineConfiguration'
'400':
$ref: '#/components/responses/BadRequest'
'500':
$ref: '#/components/responses/InternalError'
/configurations/{id}:
parameters:
- $ref: '#/components/parameters/ConfigurationIdParam'
get:
tags:
- Configurations
summary: Application Research Get a configuration by ID
operationId: getConfiguration
responses:
'200':
description: Configuration details
content:
application/json:
schema:
$ref: '#/components/schemas/ComponentConfiguration'
examples:
mlPipeline:
$ref: '#/components/examples/MLPipelineConfiguration'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
delete:
tags:
- Configurations
summary: Application Research Delete a configuration
operationId: deleteConfiguration
responses:
'204':
description: Configuration deleted
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalError'
/transfer:
post:
tags:
- Components
summary: Application Research Transfer components between repositories
operationId: transferComponents
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/TransferRequest'
examples:
transfer:
$ref: '#/components/examples/TransferRequest'
responses:
'202':
description: Transfer initiated
content:
application/json:
schema:
$ref: '#/components/schemas/TransferResult'
examples:
transferResult:
$ref: '#/components/examples/TransferResult'
'400':
$ref: '#/components/responses/BadRequest'
'500':
$ref: '#/components/responses/InternalError'
components:
parameters:
LimitParam:
name: limit
in: query
description: Maximum number of items to return
schema:
type: integer
minimum: 1
maximum: 100
default: 20
OffsetParam:
name: offset
in: query
description: Number of items to skip
schema:
type: integer
minimum: 0
default: 0
ComponentNameParam:
name: name
in: path
required: true
description: Component name (e.g., github.com/acme.org/web-application)
schema:
$ref: '#/components/schemas/ComponentName'
VersionQueryParam:
name: version
in: query
description: Component version (semver)
schema:
$ref: '#/components/schemas/Version'
ResourceNameParam:
name: resourceName
in: path
required: true
description: Resource element name
schema:
$ref: '#/components/schemas/ElementName'
SignatureNameParam:
name: signatureName
in: path
required: true
description: Signature name
schema:
type: string
ProviderFilterParam:
name: provider
in: query
description: Filter by provider name
schema:
type: string
ConfigurationIdParam:
name: id
in: path
required: true
description: Configuration ID
schema:
type: string
schemas:
# List Response Wrappers
ComponentDescriptorListResponse:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/ComponentDescriptor'
total:
type: integer
limit:
type: integer
offset:
type: integer
VersionListResponse:
type: object
properties:
componentName:
$ref: '#/components/schemas/ComponentName'
versions:
type: array
items:
$ref: '#/components/schemas/Version'
ResourceListResponse:
type: array
items:
$ref: '#/components/schemas/Resource'
SourceListResponse:
type: array
items:
$ref: '#/components/schemas/Source'
ComponentReferenceListResponse:
type: array
items:
$ref: '#/components/schemas/ComponentReference'
SignatureListResponse:
type: array
items:
$ref: '#/components/schemas/Signature'
ConfigurationListResponse:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/ComponentConfiguration'
total:
type: integer
# Core OCM Schemas
Meta:
type: object
description: Component descriptor metadata
required:
- schemaVersion
properties:
schemaVersion:
type: string
description: Schema version identifier
examples:
- v2
ComponentName:
type: string
description: Fully qualified component name
maxLength: 255
pattern: ^[a-z][-a-z0-9]*([.][a-z][-a-z0-9]*)*[.][a-z]{2,}(/[a-z][-a-z0-9_]*([.][a-z][-a-z0-9_]*)*)+$
examples:
- github.com/acme.org/web-application
- github.com/ailab.org/model-training-pipeline
ElementName:
type: string
description: Element name for resources and sources
minLength: 2
pattern: ^[a-z0-9]([-_+a-z0-9]*[a-z0-9])?$
examples:
- frontend-image
- backend-image
- helm-chart
Version:
type: string
description: Semantic version string
pattern: ^[v]?(0|[1-9]\d*)(?:\.(0|[1-9]\d*))?(?:\.(0|[1-9]\d*))?(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
examples:
- 1.0.0
- 2.5.1
- v1.0.0-beta.1
Label:
type: object
description: A label with name-value pair
required:
- name
- value
properties:
name:
type: string
description: Label name
value: {}
version:
type: string
pattern: ^v[0-9]+$
signing:
type: boolean
description: Whether this label should be included in signing
merge:
$ref: '#/components/schemas/Merge'
Labels:
type: array
items:
$ref: '#/components/schemas/Label'
Merge:
type: object
properties:
algorithm:
type: string
pattern: ^[a-z][a-z0-9/_-]+$
config: {}
Provider:
type: object
description: Component provider information
required:
- name
properties:
name:
type: string
description: Provider name
examples:
- acme
- ailab
- enterprise
labels:
$ref: '#/components/schemas/Labels'
RepositoryContext:
type: object
description: Repository context for component storage
required:
- type
properties:
type:
type: string
enum:
- ociRegistry
- OCIRegistry
baseUrl:
type: string
description: Base URL of the repository
componentNameMapping:
type: string
enum:
- urlPath
- sha256-digest
IdentityAttribute:
type: object
description: Identity attributes for element identification
additionalProperties:
type: string
DigestSpec:
type: object
description: Cryptographic digest specification
required:
- hashAlgorithm
- normalisationAlgorithm
- value
properties:
hashAlgorithm:
type: string
description: Hash algorithm used
examples:
- SHA-256
- SHA-512
normalisationAlgorithm:
type: string
description: Normalisation algorithm used
examples:
- jsonNormalisation/v1
- ociArtifactDigest/v1
value:
type: string
description: The digest value
SignatureSpec:
type: object
description: Signature specification
required:
- algorithm
- value
- mediaType
properties:
algorithm:
type: string
description: Signature algorithm
examples:
- RSASSA-PSS-SHA256
- ECDSA-SHA256
value:
type: string
description: The signature value
mediaType:
type: string
description: Media type of the signature
examples:
- application/vnd.ocm.signature.rsa
Signature:
type: object
description: Component signature
required:
- name
- signature
properties:
name:
type: string
description: Signature name/identifier
digest:
$ref: '#/components/schemas/DigestSpec'
signature:
$ref: '#/components/schemas/SignatureSpec'
# Access Types
Access:
type: object
description: Access specification for resources and sources
required:
- type
properties:
type:
type: string
description: Access type identifier
discriminator:
propertyName: type
mapping:
localBlob: '#/components/schemas/LocalBlobAccess'
ociArtifact: '#/components/schemas/OciArtifactAccess'
ociBlob: '#/components/schemas/OciBlobAccess'
helm: '#/components/schemas/HelmAccess'
gitHub: '#/components/schemas/GitHubAccess'
github: '#/components/schemas/GitHubAccess'
s3: '#/components/schemas/S3Access'
npm: '#/components/schemas/NpmAccess'
wget: '#/components/schemas/WgetAccess'
http: '#/components/schemas/HttpAccess'
LocalBlobAccess:
type: object
description: Access to a blob stored with the component descriptor
required:
- type
- localReference
- mediaType
properties:
type:
const: localBlob
localReference:
type: string
description: Reference to the local blob
mediaType:
type: string
description: Media type of the blob
referenceName:
type: string
description: Reference name for relocation
globalAccess:
$ref: '#/components/schemas/Access'
OciArtifactAccess:
type: object
description: Access to an OCI artifact
required:
- type
- imageReference
properties:
type:
const: ociArtifact
imageReference:
type: string
description: OCI image reference
OciBlobAccess:
type: object
description: Access to a specific OCI blob
required:
- type
- imageReference
- mediaType
- digest
- size
properties:
type:
const: ociBlob
imageReference:
type: string
mediaType:
type: string
digest:
type: string
size:
type: integer
ref:
type: string
HelmAccess:
type: object
description: Access to a Helm chart
required:
- type
- helmRepository
- helmChart
properties:
type:
const: helm
helmRepository:
type: string
description: Helm repository URL
helmChart:
type: string
description: Chart name and version
caCert:
type: string
keyring:
type: string
GitHubAccess:
type: object
description: Access to GitHub repository content
required:
- type
- repoUrl
properties:
type:
type: string
enum:
- github
- gitHub
repoUrl:
type: string
description: Repository URL
ref:
type: string
description: Git reference
commit:
type: string
description: Commit SHA
S3Access:
type: object
description: Access to S3 object
required:
- type
- bucket
- key
- mediaType
properties:
type:
const: s3
region:
type: string
bucket:
type: string
key:
type: string
mediaType:
type: string
NpmAccess:
type: object
description: Access to npm package
required:
- type
- registry
- package
- version
properties:
type:
const: npm
registry:
type: string
package:
type: string
version:
type: string
WgetAccess:
type: object
description: Access via HTTP download
required:
- type
- url
properties:
type:
const: wget
url:
type: string
mediaType:
type: string
header:
type: object
additionalProperties:
type: array
items:
type: string
verb:
type: string
body:
type: string
noRedirect:
type: boolean
HttpAccess:
type: object
description: Generic HTTP access
required:
- type
- url
properties:
type:
const: http
url:
type: string
# Input Types
Input:
type: object
description: Input specification for local resources
required:
- type
properties:
type:
type: string
DirInput:
type: object
description: Directory input
required:
- type
- path
properties:
type:
const: dir
path:
type: string
mediaType:
type: string
compress:
type: boolean
preserveDir:
type: boolean
followSymlinks:
type: boolean
excludeFiles:
type: array
items:
type: string
includeFiles:
type: array
items:
type: string
FileInput:
type: object
description: File input
required:
- type
- path
properties:
type:
const: file
path:
type: string
mediaType:
type: string
compress:
type: boolean
DockerInput:
type: object
description: Docker image input
required:
- type
- path
properties:
type:
const: docker
path:
type: string
repository:
type: string
DockerMultiInput:
type: object
description: Multi-platform Docker image input
required:
# --- truncated at 32 KB (61 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/application-research/refs/heads/main/openapi/open-component-model-openapi.yml