Universal Converter

ArmoredForge
Verified Container Builds

Convert any image to Voltainer or ArmoredContainers format. Every build generates a complete SBOM, vulnerability scan, and cryptographic attestation.

SBOM Generation Vulnerability Scanning SLSA Provenance CI/CD Ready
Start Building Documentation
terminal — forge
$ forge convert myapp:latest --output volt
# Convert Docker image to Voltainer format
 
→ Pulling image myapp:latest...
→ Analyzing layers...
→ Generating SBOM... 847 packages found
→ Scanning for vulnerabilities... 2 HIGH, 5 MEDIUM
→ Building TinyVol image...
→ Signing with your key...
→ Generating SLSA provenance...
✓ Output: myapp.volt (12.4 MB)
✓ SBOM: myapp.sbom.json
✓ Attestation: myapp.att.json
The Process

From Dockerfile to verified artifact

Submit a Dockerfile or OCI image reference. ArmoredForge builds in an isolated environment, signs the output with your keys, and generates SLSA-compliant provenance.

📥

Input

Submit a Dockerfile, OCI image reference, or point to your Git repository. ArmoredForge accepts any standard container source.

🔬

Analyze

Complete SBOM generation with 847+ package ecosystems. Every dependency cataloged, every license identified.

🛡️

Scan

Vulnerability scanning against CVE databases. Clear severity ratings. Actionable remediation guidance.

Build

Isolated build environment. No cross-contamination. Reproducible outputs every time.

🔐

Sign & Attest

Cryptographic signing with your keys. SLSA Level 3 provenance. Complete audit trail from source to artifact.

Output

Your choice of format: .volt for Voltainer (systemd-nspawn) or .tar for ArmoredContainers (Docker/Podman/containerd).

Output Formats

Choose your destination

ArmoredForge outputs to two formats, depending on your runtime environment.

For Voltainer

.volt Format

TinyVol optimized images for daemon-free execution on systemd-nspawn. Maximum performance, minimum overhead.

  • Direct systemd service integration
  • 50ms cold starts
  • Pre-computed security policies
  • Runtime cryptographic verification
  • Zero daemon requirement
For Traditional Runtimes

.tar OCI Format

Single-layer OCI images for Docker, Podman, containerd, and any OCI-compliant runtime.

  • Works with existing infrastructure
  • Single-layer architecture
  • Minimal attack surface
  • Standard OCI compliance
  • Registry push support
Features

Everything you need for secure builds

ArmoredForge handles the hard parts of container security so you can focus on shipping.

📋

Complete SBOM

Software Bill of Materials for every build. Know exactly what's in your containers. Export to CycloneDX or SPDX formats.

🔍

Vulnerability Scanning

Continuous CVE database updates. Clear severity ratings. Integration with your existing security workflow.

📜

SLSA Provenance

Level 3 compliant build provenance. Cryptographic proof of build environment, inputs, and outputs.

🔑

Image Signing

Sign with your own keys or use ArmoredGate-managed signing. Sigstore and Cosign compatible.

🔄

CI/CD Integration

GitHub Actions, GitLab CI, Jenkins, CircleCI. Native integration in five minutes. Webhook support for custom systems.

📊

Audit Reports

Compliance-ready reports for SOC 2, FedRAMP, and internal audits. PDF and JSON export.

Integrations

Works with your existing tools

ArmoredForge integrates with your CI/CD pipeline in minutes, not days.

🐙 GitHub Actions
🦊 GitLab CI
🔵 Jenkins
CircleCI
🔗 Webhooks

Ready to verify your builds?

Start converting your containers today. Free tier available. CI/CD integration takes five minutes.

Start Building Read the Docs View Pricing