Tanzu Application Catalog is the enterprise version of the open source Bitnami Application Catalog. Built by leveraging Bitnami’s expertise in packaging hundreds of open source software applications and delivering them to millions of developers, Tanzu Application Catalog gives enterprises stronger control and deeper visibility into their open source software supply chains, while allowing their developers to enjoy their familiarity with Bitnami packages.
Leverage enterprise-grade, pre-packaged, open source software with full confidence.
Tanzu Application Catalog provides a private catalog of open source software, packaged following Bitnami's renowned practices on an SLSA3-compliant pipeline with verifiable signatures and rich metadata to help you inherently improve your security posture.
Read our documentation
The comprehensive metadata provided in the form of Vulnerability Exploitability eXchange (VEX) documentation, Software Bills of Materials and CVE scan results helps eliminate false positive CVE reports and achieve efficient management of risks posed by upstream vulnerabilities.
Customize the open source software you need at the base operating system (OS), language runtime and application layer levels. These customizations are baked into our delivery pipeline to ensure that the customized open source software you need is delivered as fully production-ready artifacts.
Read our blog
The open source software applications in the catalog are consistently packaged including all necessary dependencies and configurations, put through rigorous functionality and performance tests across multiple platforms, and delivered to you ready to deploy.
All open source software lifecycle management activities like security patching, version upgrading and dependency management are executed behind the scenes through automated processes, enabling your developers to focus on business innovation.
Get the option to use Photon OS, a VMware-maintained lean and lightweight Linux distribution, as the base operating system, and procure open source software application components with minimal vulnerabilities.
Move faster by leveraging secure, open source components for app development.
Developers can rapidly innovate with a self-service catalog of ready-to-deploy open source building blocks such as application components, databases and runtimes.
Platform engineers can gain the confidence that the open source software used by their development teams have minimal vulnerabilities, conform to enterprise security requirements, and are custom-configured per their requirements.
Accelerate application development with a catalog of ready-to-use open source containers, Helm charts and virtual machine images.
Browse an extensive library of 100+ production-ready open source software images which include all the necessary building blocks of modern applications like databases, language runtimes, message streaming services and API gateways so you can build your own custom catalog. Choose the form factor you need for each application in your curated catalog: container image, Helm chart or virtual machine.
Explore the catalog
For each application's base OS, either use VMware's lightweight Linux distribution, Photon OS, or choose from any of the other options we provide: Red Hat UBI, Ubuntu or Debian. You can also choose your own OS. Carry out any other language runtime or application level customizations as per your needs. Tanzu Application Catalog builds the applications in your curated catalog according to your customizations and tests them across all major Kubernetes platforms.
Read our documentation
Applications in your custom catalog are delivered as ready-to-deploy artifacts to a private registry of your choice or a VMware-hosted registry along with a comprehensive set of metadata including VEX, SBoMs and CVE scan reports. You can then deploy the applications without security-related issues, as the latest security patches and version upgrades are automatically delivered to you once they are available upstream.
Enable your developers to work with the open source software they need without worrying about regulatory compliance. Tanzu Application Catalog helps you improve your compliance posture by providing SLSA3-compliant open source software, STIG-compliant base image options and VEX documentation per CISA (Cybersecurity and Infrastructure Security Agency) guidelines.
All open source software-related day 0 and lifecycle management activities like packaging, patching, updating and baseline configuration activities are carried out by Tanzu Application Catalog, reducing developer toil and enabling them to focus on software development.
Our continuously-running build pipeline ensures that all security patches and open source software upgrades are made available to you as soon as they are released upstream.
Use the comprehensive metadata provided by Tanzu Application Catalog and get all the information you need for reliable and efficient upstream risk management and a stronger security posture.
Reduce the complexities associated with open source software and establish standardization by building a curated catalog for your development teams—configuring and customizing the applications to include enterprise tools and agents.
Avoid the hassle of having to deal with multiple open source software vendors. Instead, you can rely on the expertise of Bitnami and VMware to get your developers up and running with the open source software they need and love.
Tanzu Application Catalog, a component of Tanzu Platform, enables customers to build their own private catalog of custom-packaged open source application components that are continuously maintained and verifiably tested for use in production environments.
You choose any application in our curated catalog. You can find all our applications at app-catalog.vmware.com/catalog.
Tanzu Application Catalog provides out-of-the-box support for using the latest versions of Photon OS, Ubuntu, Red Hat UBI and Debian as the base image of your applications. Alternatively, you can use your own base image. View the list of base operating systems supported by Tanzu Application Catalog
Tanzu Application Catalog delivers open source software in the form of container images, Helm charts and Virtual machines. You get the option to choose the form factor you need.
Applications from Tanzu Application Catalog are platform-agnostic and can be deployed on any OCI-compliant Kubernetes environments, on any OCI-compliant container runtime and as VMs on VMware infrastructure. We test the applications in our catalog across all major Kubernetes platforms including Tanzu Kubernetes Grid, Google Kubernetes Engine, Amazon Elastic Container Service, Azure Kubernetes Service and Red Hat OpenShift, so that you can confidently deploy them on any platform of your choice. View our verification matrix
To ensure that all Tanzu Application Catalog images include the latest security fixes, Tanzu Application Catalog implements the following policies:
All container images, Helm charts and virtual machines available in the catalog are continuously verified to ensure they include the latest dependencies and minimal CVEs. New versions are only released after they meet specific conditions. This ensures that only relevant updates are delivered to customer registries.
Container images
A new container is triggered as long it fulfills any of the following cases:
Helm charts
A new Helm chart is triggered as long as it fulfills any of the following cases:
Virtual machines
A new VM is triggered as long it fulfills any of the following cases:
We recommend the open source Bitnami packages for development and UAT environment use cases. If you are from an enterprise software development team, Tanzu Application Catalog allows you to use open source software application components in mission-critical projects and production environments in a secure, sustainable and compliant manner. The following are some of the key benefits you can enjoy by upgrading to Tanzu Application Catalog: