bootc Active Devices & Adoption

Updated Jul 1, 2026, 12:18 AM UTCRegistry source: Quay.io / GHCR public APICountme source: ublue-os/countme

Active Devices Trend

Ecosystem Share

Upstream Bedrock Note: This chart displays the custom downstream images built by Universal Blue (Bazzite, Bluefin, Aurora, etc.). Upstream base operating systems like Fedora Silverblue and Fedora Kinoite are not tracked here because they report natively to the official Fedora infrastructure, serving as the immutable bedrock of our supply chain.

Active Devices

Total Active Devices ▲ 0.2%
87,045
/ this week
Bazzite
79,622
/ this week
Bluefin
3,560
/ this week
Bluefin-LTS
Awaiting Data
Telemetry pending
Aurora
2,622
/ this week
Dakota
Awaiting Data
Telemetry pending
Flatcar
Awaiting Data
Telemetry pending

Image Pulls

Quay.io container image pulls · source: public registry API

Image Pull Trend

Project DORA Health

Bluefin
Medium
165.1×/wk deploys
50.3% fail rate
Aurora
Medium
9.5×/wk deploys
17.0% fail rate
Bazzite
Medium
6.5×/wk deploys
27.7% fail rate
ublue-os
Medium
17.3×/wk deploys
20.2% fail rate
uCore
Medium
17.3×/wk deploys
16.7% fail rate
Zirconium
High
11.5×/wk deploys
16.2% fail rate
bootcrew
Medium
21.0×/wk deploys
24.2% fail rate
BlueBuild
Medium
2.8×/wk deploys
59.2% fail rate

Future Proofed

These checks measure OCI image build best practices adopted across the bootc ecosystem. Signing and SBOM rates are computed from CI workflow step detection over the last 30 days. zstd:chunked, chunking mode, and SLSA provenance are sourced from OCI image supply-chain snapshots.
ImageCosign SigningSBOMzstd:chunkedchunked (chunka)SLSA
Bluefin✅ Yes❌ No❌ No⚠️✅ Yes
Aurora✅ Yes✅ Yes✅ Yesnone✅ Yes
Bazzite✅ Yes✅ Yes❌ Nonone✅ Yes
ublue-os✅ Yes✅ YesNot trackednonenone
uCore✅ Yes✅ Yes❌ Nonone❌ No
Zirconium❌ No❌ No✅ Yesnone❌ No
bootcrew✅ Yes❌ No❌ No✅ Yes❌ No
secureblueNot trackedNot tracked❌ Nonone❌ No
BlueBuild✅ Yes❌ NoNot trackednonenone

OpenSSF Scorecard

bluefin
7.5/10
2026-06-29
bluefin-lts
N/A
Not Indexed
aurora
7.8/10
2026-06-29
bazzite
8.0/10
2026-06-28
main
N/A
Not Indexed
akmods
7.9/10
2026-06-26
ucore
N/A
Not Indexed
common
6.4/10
2026-06-27
Scores from OpenSSF Scorecard. Click a card to view the full report.

Trends & Distribution

Fedora Version Distribution

Individual Image Trends

Bazzite Active Devices

Bluefin Active Devices

Bluefin-LTS Active Devices

📊

Telemetry Pending

Active check-ins data collection is not yet enabled for Bluefin-LTS.

Aurora Active Devices

Dakota Active Devices

📊

Telemetry Pending

Active check-ins data collection is not yet enabled for Dakota.

Flatcar Active Devices

📊

Telemetry Pending

Active check-ins data collection is not yet enabled for Flatcar.

Factory Adoption & Telemetry Details

Per-lane adoption detail

Image lane breakdown

Distro-wide countme active-device count transplanted from repo-owned docs/data/adoption-countme-migrated.json (snapshot week 2026-03-16 to 2026-03-22). The same value is reused for each tracked branch because the source has no branch dimension.

Telemetry Comparison: Registry Pulls vs Active Devices

LaneVariantBranchPull countActive devices (countme)StateEvidence
bluefin-testingbluefintestingNo registry pull-count data
3,502
availableEvidence
bluefin-stablebluefinstableNo registry pull-count data
3,502
availableEvidence
bluefin-lts-testingbluefin-ltstestingNo registry pull-count dataNo Fedora countme dataunavailable

No registry pull-count data (GHCR or container registry API) or active-device data (Fedora countme infrastructure) is tracked in docs/data/ for this lane.

Evidence
bluefin-lts-stablebluefin-ltsstableNo registry pull-count dataNo Fedora countme dataunavailable

No registry pull-count data (GHCR or container registry API) or active-device data (Fedora countme infrastructure) is tracked in docs/data/ for this lane.

Evidence
aurora-testingauroratestingNo registry pull-count data
2,527
availableEvidence
aurora-stableaurorastableNo registry pull-count data
2,527
availableEvidence
bazzite-testingbazzitetestingNo registry pull-count data
71,550
availableEvidence
bazzite-stablebazzitestableNo registry pull-count data
71,550
availableEvidence
dakota-testingdakotatestingNo registry pull-count dataNo Fedora countme dataunavailable

No registry pull-count data (GHCR or container registry API) or active-device data (Fedora countme infrastructure) is tracked in docs/data/ for this lane.

Evidence
flatcar-testingflatcartestingNo registry pull-count dataNo Fedora countme dataunavailable

No registry pull-count data (GHCR or container registry API) or active-device data (Fedora countme infrastructure) is tracked in docs/data/ for this lane.

Evidence

Publisher trust and provenance

Trust summary cards

Trust summary cards monitor OCI image build-time attestation metrics across publisher groups (such as projectbluefin and ublue-os). These checks verify build transparency and provenance before runtime execution.

bluefin

Org: projectbluefin · projectbluefin/bluefin

available
SBOM (Software Bill of Materials)Package inventory of the built container
❌ No
CVE Vulnerability ScanContinuous dependency vulnerability auditing
❌ No
Cosign AttestationCryptographic validation of build provenance
❌ No
Collected: Jul 1, 2026, 12:18 AM UTCEvidence Source

bluefin-lts

Org: projectbluefin · projectbluefin/bluefin-lts

available
SBOM (Software Bill of Materials)Package inventory of the built container
❌ No
CVE Vulnerability ScanContinuous dependency vulnerability auditing
❌ No
Cosign AttestationCryptographic validation of build provenance
❌ No
Collected: Jul 1, 2026, 12:18 AM UTCEvidence Source

aurora

Org: ublue-os · ublue-os/aurora

available
SBOM (Software Bill of Materials)Package inventory of the built container
❌ No
CVE Vulnerability ScanContinuous dependency vulnerability auditing
❌ No
Cosign AttestationCryptographic validation of build provenance
❌ No
Collected: Jul 1, 2026, 12:18 AM UTCEvidence Source

bazzite

Org: ublue-os · ublue-os/bazzite

available
SBOM (Software Bill of Materials)Package inventory of the built container
❌ No
CVE Vulnerability ScanContinuous dependency vulnerability auditing
❌ No
Cosign AttestationCryptographic validation of build provenance
❌ No
Collected: Jul 1, 2026, 12:18 AM UTCEvidence Source

dakota

Org: projectbluefin · projectbluefin/dakota

available
SBOM (Software Bill of Materials)Package inventory of the built container
❌ No
CVE Vulnerability ScanContinuous dependency vulnerability auditing
❌ No
Cosign AttestationCryptographic validation of build provenance
❌ No
Collected: Jul 1, 2026, 12:18 AM UTCEvidence Source

flatcar

Org: —

unavailable

publisher_repo and org are unknown for this variant; trust-summary card requires repo-owned evidence to be meaningful.

Collected: Jul 1, 2026, 12:18 AM UTCEvidence Source

Dataset provenance

Collector-derived contract

Schema version
v1
Generated at
Jul 1, 2026, 12:18 AM UTC
Status
partial

Collector-derived contract for the Adoption metrics tab.

Data Integrity Posture Disclosures

  • Adoption data available for 6 of 10 lanes.
  • 10 of 10 lanes lack registry pull-count data from the container registry API.
  • No registry pull-count data or distro-wide countme client reports are simulated. Lanes show "No registry pull-count data" or zero active devices rather than disappearing.
  • If registry pull.count data is unavailable/pending, it remains explicitly marked.
  • Countme snapshot disclosure: active-device coverage is partially available from repo-owned migrated artifacts in docs/data/. Pull-count data is still unavailable until an in-scope registry source is committed, and those gaps stay visible per lane.
  • 4 of 10 lanes lack active-device estimates from Fedora countme infrastructure.
  • 1 of 6 trust cards are incomplete due to missing publisher metadata.
Open raw dataset