Open source software made enterprise ready

Tanzu Application Catalog, a component of Tanzu Platform, allows you to build a private catalog of custom-configured, pre-packaged open source application components that are continuously maintained and verifiably tested for use in production environments.

Get a free OSS assessment Explore the catalog

Tanzu Application Catalog is the enterprise version of the open source Bitnami Application Catalog. Built by leveraging Bitnami’s expertise in packaging hundreds of open source software applications and delivering them to millions of developers, Tanzu Application Catalog gives enterprises stronger control and deeper visibility into their open source software supply chains, while allowing their developers to enjoy their familiarity with Bitnami packages.

Learn more

Tanzu Application Catalog Key Capabilities

Leverage enterprise-grade, pre-packaged, open source software with full confidence.

Leading-edge security practices

Tanzu Application Catalog provides a private catalog of open source software, packaged following Bitnami's renowned practices on an SLSA3-compliant pipeline with verifiable signatures and rich metadata to help you inherently improve your security posture.
Read our documentation

Rich, actionable

The comprehensive metadata provided in the form of Vulnerability Exploitability eXchange (VEX) documentation, Software Bills of Materials and CVE scan results helps eliminate false positive CVE reports and achieve efficient management of risks posed by upstream vulnerabilities.

Advanced customization options

Customize the open source software you need at the base operating system (OS), language runtime and application layer levels. These customizations are baked into our delivery pipeline to ensure that the customized open source software you need is delivered as fully production-ready artifacts.
Read our blog

Production readiness

The open source software applications in the catalog are consistently packaged including all necessary dependencies and configurations, put through rigorous functionality and performance tests across multiple platforms, and delivered to you ready to deploy.

Continuous, automated maintenance

All open source software lifecycle management activities like security patching, version upgrading and dependency management are executed behind the scenes through automated processes, enabling your developers to focus on business innovation.

A lean and secure base image

Get the option to use Photon OS, a VMware-maintained lean and lightweight Linux distribution, as the base operating system, and procure open source software application components with minimal vulnerabilities.

Tanzu icon

Why Tanzu Application Catalog?

Move faster by leveraging secure, open source components for app development.

Developer convenience

Developers can rapidly innovate with a self-service catalog of ready-to-deploy open source building blocks such as application components, databases and runtimes.

Platform engineering confidence

Platform engineers can gain the confidence that the open source software used by their development teams have minimal vulnerabilities, conform to enterprise security requirements, and are custom-configured per their requirements.

Read the solution brief

How do I use Tanzu Application Catalog?

Accelerate application development with a catalog of ready-to-use open source containers, Helm charts and virtual machine images.

Deploy anywhere with confidence

Applications in your custom catalog are delivered as ready-to-deploy artifacts to a private registry of your choice or a VMware-hosted registry along with a comprehensive set of metadata including VEX, SBoMs and CVE scan reports. You can then deploy the applications without security-related issues, as the latest security patches and version upgrades are automatically delivered to you once they are available upstream.

Use Cases

Achieve strong compliance with regulatory norms

Enable your developers to work with the open source software they need without worrying about regulatory compliance. Tanzu Application Catalog helps you improve your compliance posture by providing SLSA3-compliant open source software, STIG-compliant base image options and VEX documentation per CISA (Cybersecurity and Infrastructure Security Agency) guidelines.

Automate day 0 and lifecycle management of open source software

All open source software-related day 0 and lifecycle management activities like packaging, patching, updating and baseline configuration activities are carried out by Tanzu Application Catalog, reducing developer toil and enabling them to focus on software development.

Reduce security risks posed by open source

Our continuously-running build pipeline ensures that all security patches and open source software upgrades are made available to you as soon as they are released upstream.

Improve security decision making

Use the comprehensive metadata provided by Tanzu Application Catalog and get all the information you need for reliable and efficient upstream risk management and a stronger security posture.

Standardize use of open source software to reduce complexity

Reduce the complexities associated with open source software and establish standardization by building a curated catalog for your development teams—configuring and customizing the applications to include enterprise tools and agents.

Streamline open source vendor dependencies

Avoid the hassle of having to deal with multiple open source software vendors. Instead, you can rely on the expertise of Bitnami and VMware to get your developers up and running with the open source software they need and love.

“We are pleased to work [with] VMware, which has enabled a protected and trusted ecosystem that allows our teams to focus their energy on further business demands.”

Olivier Lagarde, Lead Technical IT Infrastructure Policy for Satellite Ground System, Airbus Defence and Space

Frequently Asked Questions

What is Tanzu Application Catalog?

Which applications can I choose for my catalog?

Which base operating system images can I choose for my applications?

What is the form factor of the open source software applications delivered by Tanzu Application Catalog?

Where can I deploy the applications I get from Tanzu Application Catalog?

How does Tanzu Application Catalog ensure that its containers and Helm charts do not include fixable CVEs?

How frequently are the applications in Tanzu Application Catalog verified and updated?

I have been using the open source Bitnami packages for years now. Why should I upgrade to Tanzu Application Catalog?

Talk to an expert

Contact Us