VMware Tanzu Platform Hub Release Notes

VMware Tanzu Platform hub is a multi-cloud management solution unifying cost, performance, configuration, and delivery automation on a single platform with a common control plane and data model for any cloud, any platform, any tool, and every persona.

For information about getting started and how to use Tanzu Platform hub, see Using and Managing VMware Tanzu Platform Hub.

For Governance Policy release notes, see VMware Tanzu Hub Governance Policy Release Notes and 2023 VMware Tanzu Hub Governance Policy Release Notes.

June 2024 - What’s new

Git repository discovery and management

With Tanzu Platform hub, you can now scan your Git code repositories to ensure they aren’t at risk from libraries that have reached end of support (EOS) or contain security vulnerabilities that require updates. After onboarding your Git repositories, you can run an analysis and review the results, including:

  • A summary of libraries that are out of support, soon to leave support, and libraries that contain vulnerabilities.
  • Recommendations about which libraries to upgrade or patch based on the priority, estimated impact, and effort.
  • A list of libraries with vulnerabilities sorted by criticality.

Reports can also be downloaded or exported for deeper analysis.

May 2024 - What’s new

Application management

With this initial release of the feature, Tanzu Platform now supports application management for Spring applications running on Kubernetes and TAS.

  • Tanzu Platform groups your applications into business applications, which correspond to TAS spaces and Kubernetes namespaces, and provides a comprehensive view of your application stack from the business application level down to the infrastructure.

    Platform engineers and site reliability engineers can examine business applications to quickly reach problematic areas and determine areas of responsibility for issue resolution.

  • Tanzu Platform also provides performance, platform, and libraries dashboards for your Spring applications based on metrics and other data collected from the applications and the platforms on which they are running.

    Application owners can examine performance dashboards to quickly troubleshoot Spring applications. Platform owners can examine libraries dashboards to assess application security and governance.

Updated navigation

We simplified the navigation on the left to improve the user experience.

February 2024 - What’s new

GCP bulk account onboarding

GCP Projects that are part of a GCP Organization can now be bulk onboarded instead of adding them to Hub individually.

New Project context switcher

You can now set the scope for inventory that you are viewing in Tanzu Hub using the Context switcher at the top left of the user interface.

Guardrails

Consolidation of Guardrails and Secure Clouds roles

Users no longer need to be assigned VMware CSP roles for both Tanzu Guardrails and Secure Clouds services.

  • The Secure Clouds Admin role is renamed Guardrails Admin and includes all privileges the previous Guardrails Admin role had. The previous Guardrails Admin role has been removed.
  • The Secure Clouds Analyst role is renamed Guardrails Analyst.
  • The Secure Clouds Viewer role is renamed to Guardrails Viewer and includes all privileges the previous Guardrails Viewer role had. The previous Guardrails Viewer role has been removed.

Remediation for security posture policies

With the remediation capability in Tanzu Guardrails, users can now configure automated resolution of security posture policy findings in Tanzu Guardrails. You can set up remediation actions by defining criteria for which findings to remediate and when. We provide a library of supported remediation jobs that you can choose from or you can create your own custom job by referring to this documentation.

To get started with setting up a remediation action, refer to our product documentation. You can enable these remediations to run automatically or on-demand, as needed.

Configure and run reports for findings

You can now create on-demand and scheduled reports for all findings types that are natively detected or ingested into Guardrails based on your criteria. You can choose from two types of reports:

  • A Findings Report in CSV or JSON file format that provides details on each finding.
  • A Findings Overview Report in PDF format to provide a high-level view of your findings by utilizing different types of summary views, trend graphs, and charts.

Review the findings documentation for specific steps on how to set up a report.

Webhook support for findings notifications

We’re happy to announce support for Webhook as a notification target for Tanzu Guardrails. You can use webhook notifications to send security findings to a URL destination in a custom format (JSON, XML, HTML, plain text, and so on).

This lets you send findings data not only to already supported Tanzu Guardrails targets but also to any third-party applications that support webhooks.

Additionally, the new Webhook notification target for Guardrails supports Microsoft Teams and PagerDuty templates out of the box, so if you want to send notifications to these two platforms you’re ready to go with just a click.

Jira Cloud support for findings notifications

We’re happy to announce support for Jira Cloud as a notification target. This means that you can have Jira issues generated from newly detected findings and automate their assignment to individuals or teams for resolution as part of your existing workflow.

Additionally, the Jira Cloud notification target supports issue templates, which let you customize the finding issues created in Jira Cloud so that they have the format and the finding data you want.

Review the notification documentation for specific instructions on configuring Jira Cloud notifications and customizing issue templates.

Compliance dashboard now available

VMware Tanzu Guardrails is introducing a new Compliance dashboard to help you better understand how compliant your cloud environments are toward various industry benchmarks and frameworks. As part of this release, you will see a compliance dashboard widget for each compliance framework you have published with the following information:

  • Compliance percentage
  • Number of policies compliant / total compliance policies
  • Number of open, new, and resolved findings associated with the policies in the compliance framework

To view the Compliance dashboard, go to Guardrails > Summary and select the Compliance dashboard in the dropdown list.

Trends dashboard now available

VMware Tanzu Guardrails is introducing a new Trends dashboard to help you better understand the change in risks and misconfigurations in your cloud environment over a given period of time.

As part of this release, the following widgets have been added to the VMware Tanzu Hub widget library:

  • Findings Over Time
  • New Findings
  • Top Findings by Services
  • Top Findings by Cloud Accounts

To view the Trends dashboard, go to Guardrails > Summary and select the Trends dashboard in the dropdown list.

November 2023 - What’s new

Tanzu Hub

There are no November updates for VMware Tanzu Hub.

Guardrails

Policy template renamed to Desired State template

Going forward, Policy templates are called Desired State templates. Users can define Desired States for a specific account or set of resources using the Desired State templates. This change was made to avoid confusion with posture policies and to make the relationship between templates and desired states more intuitive for users.

Updated Overview Dashboard with new widgets

VMware Tanzu Guardrails is introducing dashboard widgets on the Overview dashboard to help you better act upon the risks and misconfigurations in your cloud environments.

As part of this release, the following widgets have been added to the VMware Tanzu Hub widget library:

  • Findings overview
  • Top accounts with open findings
  • Top policies with open findings (Critical/High)
  • Findings breakdown by services, regions, and accounts
  • Top resources with open findings
  • Suppressions data - requests & activity
  • Remediation runs and remediation worker groups & actions
  • Findings by category
  • Findings over time (trends)

To view the Overview dashboard and widgets, go to Summary in VMware Tanzu Guardrails.

Custom compliance management

With this latest compliance management update, you can easily create new compliance frameworks and clone existing frameworks in VMware Tanzu Guardrails, customized to your organization’s compliance requirements. When creating a new framework, you can associate native and custom posture policies with the framework and use customized controls and control groups to organize these policies. To learn more about how you can customize your compliance frameworks, refer to the product documentation.

Policy categories

VMware Tanzu Guardrails supports over 1200 posture policies covering a wide breadth of policy classes such as Public Access, Access Management, Data Protection, Secrets Management, Log Management, and more. You can now easily view all of the policy classes and filter your Findings based on the specific areas of risk that your organization is most concerned with for more focused visibility and actionable insights.

To see the full list of categories we support, refer to our product documentation or view and apply a VMware Tanzu Guardrails findings filter.

October 2023 - What’s new

Tanzu Hub

New notification service

Now you can set up Notification Rules for Insights and Guardrails Findings. Supported targets for Insights are email and Slack. For Findings, email is supported, and Slack is coming soon.

Credentials and Projects

When you add elevated credentials to an account, you can now associate the credentials with one or more Hub Projects. This allows you to control which Hub Projects are able to use the elevated credentials for Guardrails actions.

Insights

Insights has announced IA availability. This release includes:

  • Correlation of events and alerts into an Insight to reduce mean-time-to-detect and mean-time-to-resolve.
  • Timeline view to help users understand how an issue unfolded.
  • Impact view to show the relationship between resources and services.
  • A seamless integration between Aria Operations for Applications and Insights. View contextual information inline while enabling deeper troubleshooting if needed.
  • Supported sources include Aria Operations for Applications, Aria Operations for Logs, AWS, Azure, K8s.

Guardrails

Version control Desired State Templates and Git integration

Users can now manage Desired State template versions in their managed Git repository. The integration allows users to create Desired States by referring to the template path and the commit version in the Desired State configuration.

Discover and govern unmanaged cloud VMs

Tanzu Guardrails now offers Desired State templates to discover unmanaged cloud VMs (AWS and Azure), automatically install the Secure Hosts minion on the VMs, and register them to Secure Hosts. Secure Hosts can be used to perform Operating System compliance checks and vulnerability management for the VMs. It reduces the security blind spot.

VM rightsizing recommendation from cloud native sources

Tanzu Guardrails can now be configured to fetch the AWS EC2 rightsizing recommendations from Cost Explorer in the AWS accounts. To do so, the AWS accounts must have recommendations enabled in Cost Explorer. Also, Azure VM rightsizing recommendations can be fetched into Tanzu Guardrails from Azure Advisor in the Azure subscriptions.

New ways to explore and prioritize your findings

Tanzu Guardrails now provides two new ways to explore, prioritize, investigate, and ultimately remediate your findings with two new Finding views available on the Findings page:

  • Findings grouped by resource - an aggregate view of the findings detected for each resource, with the ability to sort by resource attention score* (applied by default), findings count, age of latest detected finding, and more.
  • Findings grouped by policy - an aggregate view of the findings detected for each policy or desired state, with the ability to sort by finding count (applied by default), policy name, age of latest detected finding, and more.

Combining these new finding views with the many already available filtering options can make your finding prioritization easy and help you focus on the areas that need the most attention regarding your infrastructure security and compliance posture.

*resource attention score - the sum of the attention scores of the findings detected for the respective resource that match the applied filters (if any).

Extensive Findings details

Guardrails now provides extensive findings details through a dedicated details page for each finding. The finding information and available finding actions on each details page are specific to each finding, depending on its nature. In this way, you can easily understand the finding and its context, then decide whether to share it, suppress it, or remediate it.

Along with the complete finding details for:

  • Violations - including the context of the violated policy such as a detailed description, suggested actions, knowledge article
  • Drifts - including the drift description, desired state versus discovered state side-by-side comparison
  • And more…

You can also explore details of the resource and the cloud account on which the finding was detected. A finding graph view is provided for some types of findings, and can provide additional insight into the related resources and how their configurations relate to the detection of the respective finding.

Exporting Findings to a CSV file

You can now export findings results from the “ALL FINDINGS” view to a CSV file with a single click. Any filters that are applied to the findings also apply to the findings data that is exported to the CSV file.

To export your findings, go to the Findings page, make sure that you are viewing ALL FINDINGS, apply any filters that you choose, and click the EXPORT button that is located above the Findings grid.

Email notifications available for Guardrails findings

We’re pleased to announce that you can now create Email Notifications that can notify you about new findings that Tanzu Guardrails detects. To create a findings email notification, you choose who will receive the notifications by providing the respective email addresses, then optionally choose the triggering criteria to specify on which new findings to get notified. You also must choose one of the following delivery strategies:

  • Realtime (selected by default) - sends an email almost immediately for each newly detected finding after it is detected.
  • Summary - sends an email periodically on the newly detected findings, summarized either by Resource or by Policy. You can choose the frequency to receive the email: either hourly, daily, or a custom period. If findings do not occur that match your criteria, an email does not get sent.

The notification email provides either basic findings details (for Realtime notifications) or a summary table of the number of new findings detected since the last email update (for Summary notifications). Email messages also provide links to the respective findings in both Tanzu Guardrails and Aria Automation for Secure Clouds*. Depending on which of the two products you are using, you can further investigate the newly detected findings in the user interface.

*Reminder: on August 4, 2023, VMware announced that VMware Aria Automation for Secure Clouds is moving into VMware Tanzu Intelligent services as part of VMware Tanzu Guardrails.

GCP Security Command Center findings source available

GCP Security Command Center is now available as a findings source. Findings sources make it easier to correlate information between cloud resource configurations, posture misconfigurations, threats, and vulnerabilities. When configured, a findings source enables ingestion of security findings from external sources such as Amazon GuardDuty, Amazon Inspector, and Azure Defender.

Threat and vulnerability findings from the GCP Security Command Center can now be ingested and correlated, providing an additional layer of security insights and enabling security and operational teams to match cloud configurations to host vulnerabilities from one GUI or report.

You can configure GCP Security Command Center in a few short steps. You can choose which accounts to ingest findings into VMware Tanzu Hub under Set Up and Configure > Findings Sources > GCP Security Command Center. To view the findings along with other VMware Tanzu Guardrails findings, navigate to the various Findings views and choose GCP Security Command Center in the findings sources filter.

July 2023 - What’s new

Aria Hub

Flamegraph for Kubernetes

Edit accounts

Now you can edit Accounts and update the following information:

  • Account description
  • Aria project assignment
  • Environment
  • Owner name
  • Owner email
  • Tags

For AWS accounts you can also update the collection and elevated credentials.

June 2023 - What’s new

Enhancements for Google Cloud Platform

  • GCP accounts now appear in the search query prompt drop down
  • Added GCP examples for search queries
  • Added GCP entity types for Business Applications curation

Edit AWS account properties

After onboarding AWS Accounts, you can now edit the account properties, such as owner name and email, environment, tags and projects.

Azure subscriptions bulk onboarding

You can now onboard multiple Azure subscriptions in an Azure tenant in a single workflow.
