This topic provides an overview of Tanzu Stacks.
Stacks are container images that Tanzu Build Service uses to build and run applications. We provide stacks based on Ubuntu 18.04 (Bionic Beaver), and Microsoft Windows Server Core LTSC 2019 with different use cases shown below.
Stack images are published to the Tanzu Network Registry. You can download stack images from the VMware Tanzu Network
These stacks are based on Ubuntu 18.04 (Bionic Beaver) Ubuntu is an open-source Linux distribution published by Canonical, who also provides commercial support and security updates.
The following Ubuntu stacks are supported in Tanzu Build Service:
For the source code, see stacks on GitHub.
We provide a FIPS 140-2 compliant
base stack that contains compliant versions of
openssl. To download the FIPS 140-2 compliant stack, see VMware Tanzu Network.
Note: Access to the FIPS 140-2 compliant stack tile is restricted. To request access, reach out to your Tanzu account representative.
For more information about FIPS compliance, see Compliance FAQs: Federal Information Processing Standards (FIPS).
Stacks are rebuilt whenever a package is patched to fix a CVE. For more information about CVEs, see Common Vulnerabilities and Exposures (CVE). Stacks are also rebuilt weekly to ensure packages without CVEs are also up to date.
We aim to release stack updates that fix High and Critical CVEs within 48 hours of the patch release. For stack updates fixing Low and Medium CVEs, we aim to release within two weeks.
Note: Security scanning tools might report vulnerabilities in apps even when using the latest stack. This can occur when a CVE patch is not yet available upstream or if Canonical determines that the vulnerability is not severe enough to fix.
Stacks are backwards compatible. A stack can safely be upgraded to the most recent version within the major version line. If for some reason backwards compatibility is broken, it happens when a new major version is released.
Stack updates in Tanzu Build Service are efficient and do not break applications. When a stack is updated, each application that uses that stack is rebased on top of the new stack image. The application does not need to be rebuilt because the stack maintains application binary interface (ABI) compatibility.
Tanzu Build Service currently supports the
This stack is based on Microsoft Windows Server Core LTSC 2019
For this stack, see VMware Tanzu Stack Image for .NET Framework on Microsoft Windows Server Core
dotnet-frameworkstack, we benefit from all of the security provided by Microsoft. For more information, see Microsoft's web site on its Server Core 2019 LTSC image
VMware Support can assist in troubleshooting issues encountered using any of the stacks that are shipped as a part of Tanzu Build Service.
As detailed in Security and Hardening Features above, all stack images shipped within Tanzu Build Service are patched in response to upstream CVEs after they are patched by Canonical.
For more information about what Tanzu Build Service supports, see Scope of Support for Cloud Native Buildpacks.