February 22, 2024

What's New with Tanzu Application Catalog—Nov '23 to Jan '24

Tanzu Application Catalog now gives you the ability to apply user-defined application customizations to all container images in the catalog, leverages Notation for signing and verifying OCI artifacts, and supports Nexus Container Registry. Learn all about these updates in this blog.

Welcome to another edition of What’s new with Tanzu Application Catalog, our quarterly roundup of all things related to Tanzu Application Catalog.

Product upgrades

Apply user-defined application level customizations to meet enterprise policies

Tanzu Application Catalog now gives you the ability to apply user-defined application customizations to all container images in the catalog. With this new capability, you can add application-specific post-build scripts into the Tanzu Application Catalog build process so that your artifacts meet requirements, such as installing certificates, adding plug-ins, or removing libraries or components from each container image. Read this tutorial to get step-by-step guidance on how to apply customizations to Tanzu Application Catalog container images.

SLSA Level 3 compliant supply chain delivers enterprise-grade open source Software

Tanzu Application Catalog is fully compliant with Supply Chain Levels for Software Artifacts (SLSA) Level 3 security: all the open source software packages delivered by Tanzu Application Catalog meet the SLSA Level 3 standards. Enterprises can therefore use Tanzu Application Catalog to bake in their app-specific customizations with a SLSA 3-compliant supply chain. The result is OSS containers that are customized for your requirements, ready to be deployed out of the box along with valid signatures and SBOMs, and built on a SLSA 3 pipeline.

For more details, check out this blog.

CNCF incubating project Notation for signing and verifying OCI artifacts

Tanzu Application Catalog now leverages Notation (in addition to Cosign) for signing and verifying Open Container Initiative (OCI) artifacts (container images, Helm charts, and metadata bundles). Notation is a CLI project that enables the addition of signatures as standard items in the OCI registry ecosystem and the ability to build a set of simple tooling to sign and verify these signatures. Notation is an implementation of the Notary Project specifications and is a CNCF incubating project.

For more details, see our blog.

ARM architecture support enables cost savings and power efficiency

Tanzu Application Catalog now extends support to the ARM processor architecture in addition to x86-64. Container images packaged with Debian, Photon OS, or Red Hat Universal Base Image (RH UBI) as the base OS image will be shipped as multi-architecture images with support for ARM64 as well as x86-64. This means that these container images can be deployed as ARM64 or x86-64, depending on the architecture of the platform on which they are deployed.

Learn more in this blog.

Support for Nexus Container Registry

Tanzu Application Catalog lets you build a private catalog of continuously maintained, ready-to-deploy open source software that is delivered directly to your private Open Container Initiative (OCI)-compliant registry of choice. Recently we added Nexus Container Registry to our long list of supported registries, which already includes Google Container Registry, Google Artifact Registry, Azure Container Registry, Amazon Elastic Container Registry, Harbor, JFrog Container Registry, and GitHub Container Registry.

Read our documentation to learn more.

Multi-registry support

Tanzu Application Catalog now allows administrators to select multiple private registries while creating an application pipeline. This means that a VMware Cloud Services organization can shard its Tanzu Application Catalog users into different OCI registry projects to control application availability. This also allows the administrator to deliver the same application to multiple OCI registries and populate the same applications to different projects.

Learn more in our documentation.

Helping customers with their AI/ML journeys

To keep up with increasing demand, we have focused on adding more Artificial Intelligence and Machine Learning (AI and ML)-related applications to our catalog, and this has led our team to write a series of how-to blog posts. These blogs aim to help you get started with some popular AI- and ML-related applications in our catalog and make the best use of them.

  • MLflow is an open source platform for managing the end-to-end machine learning lifecycle. This blog post helps you learn how to obtain the Bitnami-packaged MLflow Helm chart, how to deploy the Helm chart, and, finally, how to run some ML experiments to gather metrics. It also provides a basic blueprint to help you integrate the MLflow module into your ML experiment.

  • Milvus is an open source vector database built for the development and maintenance of AI applications. Read this blog to learn how to obtain the Bitnami-packaged Milvus Helm chart and how to build an intelligent chatbot using Milvus and the BERT model for natural language processing (NLP).

  • OpenSearch is an open source search and analytics suite used for real-time application monitoring, log analytics, website search, and more. Read this blog to learn how to deploy the Bitnami-packaged OpenSearch Helm chart, how to access the OpenSearch dashboard, and how to use the OpenSearch API.

Educational Resources

CCS Insight Report: Bringing Order to Open Source Software Deployment through Curated Catalogs

A new technology research paper by tech research and advisory firm CCS Insight sheds light on the challenges enterprises face when managing open source software. The report offers insights into the value provided by Tanzu Application Catalog, and you can download the report to understand how you can bring order to your open source software deployments.

Tanzu Application Catalog: Mitigating Open Source Software Supply Chain Risks (on-demand webinar)

In this webinar, now available on demand, Brad Bock, Product Manager, Tanzu Application Catalog, takes a deep dive into how enterprises can leverage Tanzu Application Catalog to improve their supply chain security without any compromise to developer experience.

A Seamless GitOps Experience: Integrating sealed secrets with Bitnami charts

If you are a developer who works with Bitnami packages, you’ve probably asked questions like “What’s the best method to deploy a Bitnami chart with a specific password written in the values.yaml file?” or “What is the best way to use Bitnami charts with solutions like ArgoCD?” Using Sealed Secrets with existing Secrets is a valid approach if you are trying to deploy Sealed Secrets in your cluster. However, this could be a toilsome and complex approach. Read this blog to learn how you can avoid this toil by using a parameter called extraDeploy in the values.yaml file of Bitnami packages.

Maximizing the power of VEX, SBoMs and CVE scan results for an efficient vulnerability assessment

With VEX, SBoMs, and CVE scan results, Tanzu Application Catalog acts as a centralized source of truth where you can not only get customizable, trusted, and verified OSS applications and components to build applications, but also get all the information required to efficiently manage and assess the vulnerabilities that may pose risk to your software supply chain.

Read this blog to learn more about VEX documentation, SBoMs and CVE scan results in Tanzu Application Catalog.


If you are interested in learning more about Tanzu Application Catalog, go through our resources.
