Tanzu Application Platform 1.4 Reduces Developer Toil, Enhances Operations and Security Outcomes

January 24, 2023 Denise Martinez

VMware has released new capabilities in VMware Tanzu Application Platform that can continue to elevate the developer and IT operations experiences, as well as ease security management. This blog post outlines the new functionality included in Tanzu Application Platform 1.4, which is generally available now. 

Reduced developer toil and operational efficiency at scale 

An improved experience for Java developers in Visual Studio Code and IntelliJ IDE offers the ability to provision a Git repository when creating a project using Application Accelerator for VMware Tanzu in Visual Studio Code IDE. The generated code will be pushed to the provisioned repository, so developers can just commit their changes to the repository instead of using a manual set of steps.

Screenshot showing an app accelerator integrated in Visual Studio Code 

App accelerator integrated in Visual Studio Code 

The developer sandbox for Visual Studio Code and IntelliJ allows developers to live-update their code—as well as simultaneously debug the updated code—without having to turn off Live Update when debugging. This can make iteration on code even faster, as a full build of code is not necessary when launching a debug session. Source code changes can be continuously synced with the running container.

Watch this video introduction to Tanzu Application Platform's New Tanzu Panel in IntelliJ.

Developers can now troubleshoot errors as source code is built and deployed via the supply chain on the development cluster, from within the IntelliJ IDE. The Activity Pane in the Tanzu Panel  can visualize supply chain steps, displays detailed error messages, and allow developers to view logs of resources without leaving their IDE—eliminating having to context switch.

Screenshot of the Activity Pane in Tanzu Application Platform 1.4

The Activity Pane in the Tanzu Panel visualizes supply chain steps and more.

Tanzu Application Platform 1.4 also offers increased agility through API lifecycle management. Tanzu Application Platform supports teams in the design, implementation, and management of APIs. With Tanzu Application Platform 1.3, you could configure workloads with their associated API specification and automatically expose these in the Tanzu Application Platform GUI, using out-of-the-box, secure supply chains.

The 1.4 release builds on this API delivery and discovery automation with a new capability that can expose API maturity scoring for OpenAPI specifications. This analysis of OpenAPI specifications can help developers improve not only specification adherence, but also help them identify potential security- and content-related opportunities. The VMware Tanzu team is gathering user feedback on this alpha feature to inform future API lifecycle management capabilities on the road map.

Screenshot of API scoring in Tanzu Application Platform 1.4

 A new capability that exposes API maturity scoring for OpenAPI specifications

This release enables operations teams to automate creation of resources in namespaces. Provisioning multiple developer namespaces in a shared cluster is a core benefit of Tanzu Application Platform. The new Namespace Provisioner component can provide operators a simple way to provision resources in developer namespaces, and it’s compatible with existing tooling for organizations that have already adopted Kubernetes solutions.

Screenshot of the Namespace Provisioner in Tanzu Application Platform 1.4

The Namespace Provisioner component provides operators a simple way to provision resources in developer namespaces.

Namespace Provisioner can make it easier and faster for large development teams to get started using Tanzu Application Platform while increasing security. IT operators can leverage the automated namespace provisioner or create an easy-to-use, GitOps-driven developer namespace provisioning approach. The capability provisions all Tanzu Application Platform–namespaced resources and also allows IT operations to include their own custom resources.

New buildpack improvements increase the breadth and depth of buildpack capabilities in Tanzu Application Platform, for example:

  • The Tanzu PHP Buildpack for building web applications is now generally available and installed as part of Tanzu Application Platform

  • You can build front-end Javascript, Ruby, and Go applications on Ubuntu 22.04

The developer experience is improved for rapid iteration on code for .Net Core apps. Tanzu Application Platform 1.4 offers expanded coverage of popular languages and frameworks, including VMware Tanzu Developer Tools for Visual Studio, thus enabling .Net Core developers to rapidly iterate on their code with Tanzu Application Platform using Live Update and remote debugging on a Kubernetes cluster—all in their preferred IDE. Developers can deploy their .Net Core applications and manage the lifecycle of application workloads right from their IDE, following their familiar workflows.

Screenshot showing .NET Core integration in Tanzu Application Platform 1.4

Deploy .Net Core applications and manage the lifecycle of workloads right from your IDE.

Enhanced IT operations experiences for Jenkins and Kaniko integrations allow Tanzu Application Platform to meet customers where they are, supporting customization and using their existing development tools and pipelines in their paths to production. With the 1.4 release, customers can integrate Kaniko as their build service in order to easily access the results of each build in their supply chain, including build logs. Similarly, when a Jenkins pipeline is in use for testing, the outcomes of those tests are readily available in a detailed view, giving customers the ability to see the health of tests run against their workloads—directly in their tool of choice. 

Screenshot showing Jenkins integration in Tanzu Application Platform 1.4

Enhanced Jenkins integration

Customization of supply chain stages with Tekton integration is easier. Tanzu Application Platform helps organizations build secure paths to production by providing out-of-the-box defaults and supporting tools that teams may have already adopted. Add customized steps in the path to production with first-class support for custom Tekton tasks in Supply Chain Choreographer. Build a task to perform any action needed, or grab and use an already existing task from the Tekton Hub ecosystem.

Screenshot showing flexible Tekton integration in Tanzu Application Platform

Flexible Tekton Integration 

In addition, single sign-on support for enterprise usage is expanding:

  • Tanzu Application Platform 1.4 supports Lightweight Directory Access Protocol (LDAP) to allow single sign-on for users in Active Directory, a service widely adopted by enterprise organizations.

  • Organizations can bring their own Redis Cache server to enable high availability in the production environment.

Centralized security management for multi-cluster and multi-cloud environments

Tanzu Application Platform build and run clusters now have enhanced security with Tanzu Service Mesh. One key ingredient to delivering a secure application is the ability to set up networking and mTLS communication between clusters, and to provide a central management plane for Istio, with observability and resilience for Kubernetes workloads.

Tanzu Service Mesh’s Istio-based service mesh addresses this using its Global Namespace (GNS) to set up a secure network across a multi-cluster and multi-cloud environment. Tanzu Application Platform 1.4 enables users to set up networking and secure communication between Kubernetes deployment on clusters running a Tanzu Application Platform application. Additionally, users can use Istio as the standard for managing gateway (ingress/egress) communication from the Istio gateway for both build service and for running applications.

Watch how it works in this video:

The Security Analysis tab helps users spot vulnerabilities along with their severity levels and impacted workloads. The tab’s new tables help users relate impacted workloads to a particular CVE or package. The “Workload Builds Using Package” and “Impacted Workload Builds” CVE tables can be accessed by clicking on a package or CVE on a workload’s supply chain Source or Image scan stage. This helps users avoid the manual task of asking teams to check on this themselves and, more importantly, can increase confidence that they have accurately and completely identified all affected packages.

Screenshot showing how the new Security Analysis tab in Tanzu Application Platform 1.4 helps review CVEs

Security Analysis tab

Scanner configuration in controlled, air-gapped environments has been made easier. Tanzu Application Platform helps keep your workloads secure, even in highly controlled, air-gapped environments. By eliminating overlay YAMLs as part of the install process, Tanzu Application Platform 1.4 can simplify the air-gapped install experience for Grype. It enables platform operations teams to focus on security and compliance goals, rather than install configuration complexity.

Support for custom certificate authorities (CAs) with Grype and Snyk scanner integrations allows for greater compatibility between Tanzu Application Platform and development teams’ existing environments. This capability enables secure supply chains to successfully scan target container registries that are configured with trusted CA certs. 

VMware Carbon Black cloud image scanning has been enhanced. In Tanzu Application Platform 1.3, we announced integration with VMware Carbon Black Container vulnerability scanning to provide further solution options to secure your software supply chain. In Tanzu Application Platform 1.4, we have enhanced that integration to support Carbon Black Container image scanning on AWS Elastic Container Registry (ECR). This allows users who choose the Carbon Black Cloud container image scanner to natively leverage ECR using IAM roles bound to Kubernetes service accounts, rather than traditional credentials stored in secrets. 

The Carbon Black Container image scanning has been further enhanced to include support for Cloud Native Buildpacks by leveraging the provided software bill of materials (SBOM), in order to help provide greater scanning coverage.

Why Fiserv chose Tanzu Application Platform

Fiserv Senior Vice President Tom Eck shares his company’s digital transformation journey, and why prioritizing developer experience is a must. Read the full story here. 

Learn more

For more information about Tanzu Application Platform, join us virtually at SpringOne Essentials, see the Tanzu Application Platform product page, and check out the Tanzu Application Platform Tech Zone page. You can also join our upcoming live webinar, What’s New with Tanzu Application Platform, on February 16 and airing in the Pacific time zone and European time zones, and available minutes later on-demand.

See a roundup of everything announced today at SpringOne Essentials.

About the Author

Denise Martinez

Denise Martinez is a product marketing manager for Tanzu Application Platform at VMware, and is based in San Francisco.

More Content by Denise Martinez
How Bitnami Uses VMware Image Builder to Deploy 60k Apps Per Month and How You Can Do the Same
How Bitnami Uses VMware Image Builder to Deploy 60k Apps Per Month and How You Can Do the Same

Bitnami by VMware builds, deploys, and verifies 2,000 applications per day. But how does it accomplish this...

Spring for VMware GemFire is Now Available
Spring for VMware GemFire is Now Available

We are pleased to reintroduce Spring for VMware GemFire! The Spring for VMware GemFire dependencies bring t...