Tanzu Application Catalog is the enterprise version of Bitnami packages, continuously maintained and verifiably tested for use in production environments. These enterprise packages can be customized to meet an organization's internal policies and come with extensive metadata for risk assessment: CVE scanning reports, SBOM, and VEX documents.
VMware acts as a content provider that maintains and delivers trusted OSS applications enabling customers to outsource a considerable portion of their OSS management tasks.
The content available in Tanzu Application Catalog has gone through rigorous verification against specific Kubernetes versions and platforms and has been verified for use in air-gapped and OpenShift environments. It comes with pod security policies enabled by default and is FIPS compliant.
Tanzu Application Catalog offers a carefully curated selection of open-source applications, all built using the Linux distribution chosen by the customer.
This approach aids development teams in streamlining their processes by minimizing the deployment of multiple application versions and distributions. Moreover, these applications undergo packaging via a standardized secure pipeline, ensuring they adhere to consistent security hardening standards.
Additionally, customers have the flexibility to configure and customize these OSS applications to integrate necessary enterprise tools and agents, thereby promoting the standardization of open-source application configurations across different teams within an organization.
Tanzu Application Catalog offers tested, validated, and secure container images, simplifying deployment complexity in both development and production environments and accelerating time to market. By providing developers across the organization with a trusted and reusable repository of OSS components, it enhances efficiency in building modern applications. Additionally, the Tanzu Application Catalog handles building, packaging, securing, and baseline configuration activities, thereby reducing developer workload and freeing them from day 0 responsibilities.
Tanzu Application Catalog automates critical lifecycle management tasks, including adding, patching, updating, and retiring OSS applications. Furthermore, our container images undergo thorough testing for functionality and reliability across major cloud and Kubernetes platforms, as well as antivirus and CVE scans. This automated process relieves development teams of the burden of scanning, testing, and maintaining the OSS they use in their application development.
Tanzu Application Catalog helps improve compliance posture by providing SLSA3-compliant open source software, STIG-compliant base image options, and VEX documentation per CISA (Cybersecurity and Infrastructure Security Agency) guidelines.
Our continuously running build pipeline ensures that all security patches and open source software upgrades are made available to you as soon as they are released upstream.
Features | Bitnami Application Catalog | Tanzu Application Catalog |
---|---|---|
Update cadence | Best effort | Refresh of catalog triggered by component updates and critical CVE fixes |
Support | Community | VMware support |
Base operating system | Debian | Customer choice |
Architecture | AMD64, ARM64 | AMD64, ARM64 |
Governance and security advisories | Basic information on components and licenses within the images | Enhanced Software Bill of Materials (SBOM) with detailed metadata for all form factors, plus CVE scan result reports and VEX documents for container images |
Validation reports | Not available | Downloadable application security performance and functional test results, as well as verifications for running air-gapped, as non-root, and with FIPS |
Feature requests | Community | Priority |
Sealed Secrets support | Community | VMware support |
Content Storage | Public | Private (Customer provided or VMware hosted registry) |
Recommended use | Development | Production |