[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-1740":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":23,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":35,"readmeContent":36,"aiSummary":37,"trendingCount":16,"starSnapshotCount":16,"syncStatus":38,"lastSyncTime":39,"discoverSource":40},1740,"firecracker","firecracker-microvm\u002Ffirecracker","firecracker-microvm","Secure and fast microVMs for serverless computing.","http:\u002F\u002Ffirecracker-microvm.io",null,"Rust",34878,2438,349,51,0,24,129,646,110,45,"Apache License 2.0",false,"main",[26,27,28,29,30,31,32,33,34],"containers","minimalist","open-source","oversubscription","rust","sandbox","serverless","virtual-machine","virtualization","2026-06-12 02:00:32","\u003Cpicture>\n \u003Csource media=\"(prefers-color-scheme: dark)\" srcset=\"docs\u002Fimages\u002Ffc_logo_full_transparent-bg_white-fg.png\">\n \u003Csource media=\"(prefers-color-scheme: light)\" srcset=\"docs\u002Fimages\u002Ffc_logo_full_transparent-bg.png\">\n \u003Cimg alt=\"Firecracker Logo Title\" width=\"750\" src=\"docs\u002Fimages\u002Ffc_logo_full_transparent-bg.png\">\n\u003C\u002Fpicture>\n\nOur mission is to enable secure, multi-tenant, minimal-overhead execution of\ncontainer and function workloads.\n\nRead more about the Firecracker Charter [here](CHARTER.md).\n\n## What is Firecracker?\n\nFirecracker is an open source virtualization technology that is purpose-built\nfor creating and managing secure, multi-tenant container and function-based\nservices that provide serverless operational models. Firecracker runs workloads\nin lightweight virtual machines, called microVMs, which combine the security and\nisolation properties provided by hardware virtualization technology with the\nspeed and flexibility of containers.\n\n## Overview\n\nThe main component of Firecracker is a virtual machine monitor (VMM) that uses\nthe Linux Kernel Virtual Machine (KVM) to create and run microVMs. Firecracker\nhas a minimalist design. It excludes unnecessary devices and guest-facing\nfunctionality to reduce the memory footprint and attack surface area of each\nmicroVM. This improves security, decreases the startup time, and increases\nhardware utilization. Firecracker has also been integrated in container\nruntimes, for example\n[Kata Containers](https:\u002F\u002Fgithub.com\u002Fkata-containers\u002Fkata-containers) and\n[Flintlock](https:\u002F\u002Fgithub.com\u002Fliquidmetal-dev\u002Fflintlock).\n\nFirecracker was developed at Amazon Web Services to accelerate the speed and\nefficiency of services like [AWS Lambda](https:\u002F\u002Faws.amazon.com\u002Flambda\u002F) and\n[AWS Fargate](https:\u002F\u002Faws.amazon.com\u002Ffargate\u002F). Firecracker is open sourced\nunder [Apache version 2.0](LICENSE).\n\nTo read more about Firecracker, check out\n[firecracker-microvm.io](https:\u002F\u002Ffirecracker-microvm.github.io).\n\n## Getting Started\n\nTo get started with Firecracker, download the latest\n[release](https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Freleases) binaries\nor build it from source.\n\nYou can build Firecracker on any Unix\u002FLinux system that has Docker running (we\nuse a development container) and `bash` installed, as follows:\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\ncd firecracker\ntools\u002Fdevtool build\ntoolchain=\"$(uname -m)-unknown-linux-musl\"\n```\n\nThe Firecracker binary will be placed at\n`build\u002Fcargo_target\u002F${toolchain}\u002Fdebug\u002Ffirecracker`. For more information on\nbuilding, testing, and running Firecracker, go to the\n[quickstart guide](docs\u002Fgetting-started.md).\n\nThe overall security of Firecracker microVMs, including the ability to meet the\ncriteria for safe multi-tenant computing, depends on a well configured Linux\nhost operating system. A configuration that we believe meets this bar is\nincluded in [the production host setup document](docs\u002Fprod-host-setup.md).\n\n## Contributing\n\nFirecracker is already running production workloads within AWS, but it's still\nDay 1 on the journey guided by our [mission](CHARTER.md). There's a lot more to\nbuild and we welcome all contributions.\n\nTo contribute to Firecracker, check out the development setup section in the\n[getting started guide](docs\u002Fgetting-started.md) and then the Firecracker\n[contribution guidelines](CONTRIBUTING.md).\n\n## Releases\n\nNew Firecracker versions are released via the GitHub repository\n[releases](https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Freleases) page,\ntypically every two or three months. A history of changes is recorded in our\n[changelog](CHANGELOG.md).\n\nThe Firecracker release policy is detailed [here](docs\u002FRELEASE_POLICY.md).\n\n## Design\n\nFirecracker's overall architecture is described in\n[the design document](docs\u002Fdesign.md).\n\n## Features & Capabilities\n\nFirecracker consists of a single micro Virtual Machine Manager process that\nexposes an API endpoint to the host once started. The API is\n[specified in OpenAPI format](src\u002Ffirecracker\u002Fswagger\u002Ffirecracker.yaml). Read\nmore about it in the [API docs](docs\u002Fapi_requests).\n\nThe **API endpoint** can be used to:\n\n- Configure the microvm by:\n - Setting the number of vCPUs (the default is 1).\n - Setting the memory size (the default is 128 MiB).\n - Configuring a [CPU template](docs\u002Fcpu_templates\u002Fcpu-templates.md).\n- Add one or more network interfaces to the microVM.\n- Add one or more read-write or read-only disks to the microVM, each represented\n by a file-backed block device.\n- Trigger a block device re-scan while the guest is running. This enables the\n guest OS to pick up size changes to the block device's backing file.\n- Change the backing file for a block device, before or after the guest boots.\n- Configure rate limiters for virtio devices which can limit the bandwidth,\n operations per second, or both.\n- Configure the logging and metric system.\n- `[BETA]` Configure the data tree of the guest-facing metadata service. The\n service is only available to the guest if this resource is configured.\n- Add a [vsock socket](docs\u002Fvsock.md) to the microVM.\n- Add a [entropy device](docs\u002Fentropy.md) to the microVM.\n- Add a [pmem device](docs\u002Fpmem.md) to the microVM.\n- Configure and manage [memory hotplugging](docs\u002Fmemory-hotplug.md).\n- Start the microVM using a given kernel image, root file system, and boot\n arguments.\n- [x86_64 only] Stop the microVM.\n\n**Built-in Capabilities**:\n\n- Demand fault paging and CPU oversubscription enabled by default.\n- Advanced, thread-specific seccomp filters for enhanced security.\n- [Jailer](docs\u002Fjailer.md) process for starting Firecracker in production\n scenarios; applies a cgroup\u002Fnamespace isolation barrier and then drops\n privileges.\n\n## Tested platforms\n\nWe test all combinations of:\n\n| Instance | Host OS & Kernel | Guest Rootfs | Guest Kernel |\n| :------------------------------------------ | :--------------- | :----------- | :----------- |\n| m5n.metal (Intel Cascade Lake) | al2 linux_5.10 | ubuntu 24.04 | linux_5.10 |\n| m6i.metal (Intel Ice Lake) | al2023 linux_6.1 | | linux_6.1 |\n| m7i.metal-24xl (Intel Sapphire Rapids) | | | |\n| m7i.metal-48xl (Intel Sapphire Rapids) | | | |\n| **m8i.metal-48xl (Intel Granite Rapids)\\*** | | | |\n| **m8i.metal-96xl (Intel Granite Rapids)\\*** | | | |\n| m6a.metal (AMD Milan) | | | |\n| m7a.metal-48xl (AMD Genoa) | | | |\n| m6g.metal (Graviton 2) | | | |\n| m7g.metal (Graviton 3) | | | |\n| m8g.metal-24xl (Graviton 4) | | | |\n| m8g.metal-48xl (Graviton 4) | | | |\n\n**\\***: We **only** support AWS EC2 8th Gen Intel (\\*8i) instances using a 6.1\nhost kernel. This is due to poor kernel support for Granite Rapids CPUs on 5.10.\n\n## Known issues and Limitations\n\n- The `pl031` RTC device on aarch64 does not support interrupts, so guest\n programs which use an RTC alarm (e.g. `hwclock`) will not work.\n\n## Performance\n\nFirecracker's performance characteristics are listed as part of the\n[specification documentation](SPECIFICATION.md). All specifications are a part\nof our commitment to supporting container and function workloads in serverless\noperational models, and are therefore enforced via continuous integration\ntesting.\n\n## Policy for Security Disclosures\n\nThe security of Firecracker is our top priority. If you suspect you have\nuncovered a vulnerability, contact us privately, as outlined in our\n[security policy document](SECURITY.md); we will immediately prioritize your\ndisclosure.\n\n## FAQ & Contact\n\nFrequently asked questions are collected in our [FAQ doc](FAQ.md).\n\nYou can get in touch with the Firecracker community in the following ways:\n\n- Security-related issues, see our [security policy document](SECURITY.md).\n- Chat with us on our\n [Slack workspace](https:\u002F\u002Fjoin.slack.com\u002Ft\u002Ffirecracker-microvm\u002Fshared_invite\u002Fzt-2tc0mfxpc-tU~HYAYSzLDl5XGGJU3YIg)\n _Note: most of the maintainers are on a European time zone._\n- Open a GitHub issue in this repository.\n- Email the maintainers at\n [firecracker-maintainers@amazon.com](mailto:firecracker-maintainers@amazon.com).\n\nWhen communicating within the Firecracker community, please mind our\n[code of conduct](CODE_OF_CONDUCT.md).\n","Firecracker 是一个专为无服务器计算设计的安全且快速的微虚拟机(microVM)项目。它使用 Rust 语言开发,核心功能是通过 KVM 创建和运行轻量级的 microVM,这些 microVM 结合了硬件虚拟化的安全隔离特性与容器的速度和灵活性。Firecracker 采用了极简设计,去除了不必要的设备和面向客户的功能,从而减少了内存占用和攻击面,提升了安全性、缩短了启动时间并提高了硬件利用率。此项目适用于需要高安全性和高效资源利用的多租户环境下的容器及函数工作负载场景,如 AWS Lambda 和 AWS Fargate 等服务。",2,"2026-06-11 02:45:44","top_all"]