VMware Tanzu Application Catalog delivers Vulnerability Exploitability eXchange (VEX) documentation to help customers gain actionable visibility into exploitable upstream vulnerabilities, make well-informed security decisions, and avoid spending time and effort trying to fix unexploitable vulnerabilities in their applications. Read more about this capability
Related content in this Stream
Gain Insights into the Risks You Face from Open Source Dependencies with VMware Tanzu OSS Health Assessment
Get a clear picture of your OSS supply chain, and the risks you face from your open source software dependencies, using the all-new Tanzu OSS Health Assessment.
Enabling Efficient Vulnerability Management with VEX, SBoM & CVE Scan Results
Enhance software supply chain security with VEX, SBoM & CVE scan reports. Tanzu Application Catalog optimizes risk assessment for DevSecOps.
Reduce Noise from False Positives in your Trivy CVE report with VEX from VMware Tanzu Application Catalog
Trivy can now utilize CSAF VEX data to filter out false positives in CVE reports, maximizing the value of VEX documents in VMware Tanzu Application Catalog.
Bitnami-Packaged Containers and Helm Charts on DockerHub are Now Signed by Notation
Bitnami-packaged open source software container images available in DockerHub are now signed by Notation, an implementation of the Notary Project specifications and a CNCF-incubating project.
18:21Demo: Deploying open source software from Tanzu Application Catalog in Air-gapped Environments
There are many tools in the market to facilitate the deployment of open source software as containers in an air-gapped environment. But deploying open source software as Helm charts in an air-gapped e
What's new with Tanzu Application Catalog
Welcome to another edition of What’s new with Tanzu Application Catalog. This is a quarterly round up of all things related to Tanzu Application Catalog.
6:50SPDX Software Bill of Materials in Tanzu Application Catalog
Learn how you can gain deep visibility into your open source software supply chain with the Software Package Data Exchange (SPDX) standard software bill of materials (SBoM) from Tanzu Application Cata
Tanzu Application Catalog: Enabling Stronger Alignment with Data Residency Requirements
Tanzu Application Catalog now enables enterprises to meet data residency and data localization requirements while working with open source software.
14:41Demo: Tanzu Application Catalog
Tanzu Application Catalog (an enterprise version of Bitnami Application Catalog) is a catalog of trusted, continuously maintained, and verifiably tested open source software images that is custom-buil
Get SLSA Level 3-Compliant Open Source Software from Tanzu Application Catalog
With Tanzu Application Catalog, enterprises can get open source software that is customized per their requirements, fully ready to be deployed, easy to use, and built on a SLSA L3 pipeline.
CCS Insight Report: Bringing Order to Open Source Software Deployment through Curated Catalogs
A new technology research paper by CCS Insight sheds light on the challenges enterprises face using open source software and offers insights into the value provided by Tanzu Application Catalog.
Tanzu Application Catalog: Mitigating Upstream CVE Risks without Compromising Quality
Reducing the number of CVEs in software is an important practice. But if compliance adherence becomes an obsession, bad practices that lower software quality will be adopted to achieve it.
Tanzu Application Catalog Leverages Notation to Deliver Stronger Software Supply Chain Security
Tanzu Application Catalog extends its software supply chain security capabilities by leveraging Notation for signing and verifying production-ready open source software artifacts.
Tanzu Application Catalog Embraces ARM: A Leap Toward Versatility and Efficiency
Tanzu Application Catalog now ships multi-architecture container images, supporting both ARM64 as well as x86-64.
Kubeapps: An Open Source Application Dashboard for Kubernetes from Bitnami by VMware Tanzu
Learn about Kubeapps, one of the open source projects the VMware Bitnami team contributes to, and how you can use it to simplify your Kubernetes application deployments.
How VEX leverages SBoMs and CVE scan results for an efficient vulnerability assessment
With VEX, SBoMs, and CVE scan results, Tanzu Application Catalog provides as a centralized source of truth where you can, not only get customizable, trusted and verified OSS applications and...
A Seamless GitOps Experience: Integrating Sealed Secrets with Bitnami Charts
In a previous article, we explained how to use Sealed Secrets with existing Secrets. This approach is totally valid if you are trying to deploy Sealed Secrets in your cluster. However, this could...
What's new with Tanzu Application Catalog - Nov 2023
VMware Tanzu Application Catalog now comes with several exciting new features like VEX documentation, ARM support, and graphical SBOMs, to help customers better manage security risks and...