This blog was originally published on Tanzu Tech Zone.
Welcome to another edition of What’s new with Tanzu Application Catalog, a quarterly roundup of all things related to Tanzu Application Catalog.
Product upgrades
Apply user-defined application level customizations to meet enterprise policies
Tanzu Application Catalog now allows applying user-defined application customizations to all container images in the catalog. With this new capability, you can add application-specific post-build scripts into the Tanzu Application Catalog build process so your artifacts meet requirements such as installing certificates, adding plug-ins, or removing libraries or components from each container image. Read this tutorial to get step-by-step guidance on how to apply customizations to Tanzu Application Catalog container images.
SLSA Level 3 – Compliant Supply Chain to Deliver Enterprise-grade Open Source Software
Tanzu Application Catalog is fully compliant with Supply Chain Levels for Software Artifacts (SLSA) Level 3 security. This means that all the open source software packages delivered by Tanzu Application Catalog meet the SLSA Level 3 standards. A critical benefit for enterprises is that they can use Tanzu Application Catalog to bake in their app-specific customizations with a SLSA 3-compliant supply chain. By doing so, they can get OSS containers that are customized for their requirements, ready to be deployed out of the box along with valid signatures and SBOMs and built on a SLSA 3 pipeline.
For more details, check out this blog.
CNCF incubating project – Notation for signing and verifying OCI artifacts
Tanzu Application Catalog now leverages Notation (in addition to Cosign) for signing and verifying Open Container Initiative (OCI) artifacts (container images, Helm charts, and metadata bundles). Notation is a CLI project that enables adding signatures as standard items in the OCI registry ecosystem and provides a set of simple tools to create and verify these signatures. Notation is an implementation of the Notary Project specifications and is a CNCF incubating project.
For more details, check out our blog.
ARM Architecture support to enable cost savings and power efficiency
Tanzu Application Catalog now supports the ARM processor architecture in addition to x86-64. Container images packaged with Debian, Photon OS, or Red Hat Universal Base Image (RH UBI) as the base OS image will be shipped as multi-architecture images, supporting ARM64 as well as x86-64. This means that these container images can be deployed as ARM64 or x86-64, depending on the architecture of the platform on which they are deployed.
Learn more in this blog.
Support for Nexus Container Registry
Tanzu Application Catalog lets customers build a private catalog of continuously maintained, ready-to-deploy open source software that is delivered directly to the customer’s private Open Container Initiative (OCI)-compliant registry of choice. Recently we added Nexus Container Registry to our long list of supported registries, which already includes Google Container Registry, Google Artifact Registry, Azure Container Registry, Amazon Elastic Container Registry, Harbor, JFrog Container Registry, and GitHub Container Registry.
Read our documentation to learn more.
Multi-registry support
Tanzu Application Catalog now allows administrators to select multiple private registries while creating an application pipeline. This means that a VMware Cloud Services organization can shard its Tanzu Application Catalog users into different OCI registry projects to control application availability. It also allows the administrator to deliver the same application to multiple OCI registries and populate the same applications in different projects.
Learn more in our documentation.
Helping customers in their AI/ML journeys
As we have focused on adding more Artificial Intelligence and Machine Learning (AI & ML)-related applications to our catalog to keep up with the increasing demand, our team has written a series of ‘how to’ blog posts. These blogs aim to help you get started with some popular AI & ML-related applications in our catalog and make the best use of them.
- MLflow is an open source platform for managing the end-to-end machine learning lifecycle. This blog post helps you learn how to obtain the Bitnami-packaged MLflow Helm chart, how to deploy the Helm chart, and finally, how to run some ML experiments to gather metrics, and provides a basic blueprint to help you in the process of integrating the MLflow module into your ML experiment.
- Milvus is an open source vector database built for developing and maintaining AI applications. Read this blog to learn how to obtain the Bitnami-packaged Milvus Helm chart and how to build an intelligent chatbot using Milvus and the BERT model for natural language processing (NLP).
- OpenSearch is an open source search and analytics suite used for real-time application monitoring, log analytics, website search, etc. Read this blog to learn how to deploy the Bitnami-packaged OpenSearch Helm chart, how to access the OpenSearch dashboard, and how to use the OpenSearch API.
Educational Resources
CCS Insight Report: Bringing Order to Open Source Software Deployment through Curated Catalogs
A new technology research paper by tech research and advisory firm CCS Insight sheds light on the challenges enterprises face when managing open source software, and it offers insights into the value provided by Tanzu Application Catalog. Download the report to understand how you can bring order to your open source software deployments.
Tanzu Application Catalog: Mitigating Open Source Software Supply Chain Risks (On-demand Webinar)
Watch Brad Bock (Product Manager, Tanzu Application Catalog) take a deep dive into how enterprises can leverage Tanzu Application Catalog to improve their supply chain security without any compromise to developer experience in this recent webinar, which is now available on demand.
A Seamless GitOps Experience: Integrating Sealed Secrets with Bitnami Charts
If you are a developer who works with Bitnami packages, questions like ‘what’s the best method to deploy a Bitnami chart with a specific password written in the values.yaml file?’ or ‘what is the best way to use Bitnami charts with solutions like ArgoCD?’ must have occurred to you. Using Sealed Secrets with existing Secrets is a totally valid approach if you are trying to deploy Sealed Secrets in your cluster. However, this could be a toilsome and complex approach. Read this blog to learn how you can avoid this toil by using a parameter called extraDeploy in the values.yaml file of Bitnami packages.
Maximizing the power of VEX, SBoMs and CVE scan results for an efficient vulnerability assessment
With VEX, SBoMs, and CVE scan results, Tanzu Application Catalog serves as a centralized source of truth where you can not only get customizable, trusted, and verified OSS applications and components to build applications, but also get all the information required to efficiently manage and assess the vulnerabilities that may pose a risk to your software supply chain.
Read this blog to learn more about VEX documentation, SBoMs and CVE scan results in Tanzu Application Catalog.