The latest update to the VMware Tanzu Community Edition further streamlines the path to production with the addition of Cartographer, an open source project to build and manage modern secure software supply chains. (Read more about the announcement here.)
First announced at DevOps Loop 2021, Tanzu Community Edition is a freely available, community-supported, open source distribution of VMware Tanzu with a goal to provide a rich experience on Kubernetes for both developers and platform operators. The initial release was focused on providing a full-featured, easy-to-manage Kubernetes platform. Since then, the project has steadily been adding support to develop and deploy cloud native applications atop this base by incorporating the open source technologies that underpin the VMware Tanzu Application Platform.
The addition of Cartographer is an exciting milestone for Tanzu Community Edition. Prior releases along with this one provide a curated set of foundational components needed to build and deploy applications—Flux CD source controller, kpack, Harbor, and Knative Serving. Now using Cartographer, the DevSecOps teams can stitch these components together to build a secure software supply chain that can take apps from source code to production. Let’s take a look at why you should consider Cartographer for building your secure software supply chains.
Achieve critical DevSecOps outcomes using Cartographer
The top five reasons to pick up Cartographer, whether you are new to the technology or have been on the fence to make the move:
For application developers:
Boost developer productivity
Developers get approved, preconfigured secure software supply chains. They don’t need to be Kubernetes experts and can focus on writing code and getting value in the hands of their users faster.
For security teams:
Integrate security in software supply chain
Cartographer enables you to bake in security tools (e.g., scanning, signing, patching, and inventorying dependencies) and to embed security guardrails and policy enforcements in the software supply chain making it even more secure.
For platform operators:
Build modern secure software supply chains with ease at scale
With Cartographer, you can create preconfigured secure software supply chains from approved, reusable components enabling consistency and maintainability at scale.
Simplify Day 2 operations
Cartographer checks the levers for a smooth Day 2 experience, including supply chain reuse across multiple applications and event-driven triggers for platform level updates independent of code commits (e.g., security scans, CVE patching, OS patching).
Avoid vendor lock-in
Cartographer is an open source project that can be deployed on any Kubernetes platform. It simplifies the building of pre-approved software supply chains by incorporating any Kubernetes-based supply chain resource or tool. Furthermore, these supply chains can be deployed on any Kubernetes platform.
Try Cartographer to build your own secure, adaptable supply chains using Tanzu Community Edition
Download the latest freely available version of Tanzu Community Edition and get all the components you need to get started building your software supply chain with Cartographer. Use Flux CD source controller to poll your source repository, kpack to build container images, Harbor to sign, scan, and store these images, and then deploy and run them using Knative Serving.
This article may contain hyperlinks to non-VMware websites that are created and maintained by third parties who are solely responsible for the content on such websites.