Thursday, February 29, 2024

What’s new with Bitnami Application Catalog - Feb 2024 Edition

 Helping customers in their AI/ML journeys

Our focus on adding more Artificial Intelligence and Machine Learning (AI and ML)-related applications to our catalog to keep up with the increasing demand has led our team to write a series of “how to” blog posts. These blogs aim to help you get started with some popular AI/ML-related applications in our catalog and make the best use of them.

  • MLflow is an open source platform for managing the end-to-end machine learning lifecycle. This blog post helps you learn how to obtain the Bitnami-packaged MLflow Helm chart, how to deploy the Helm chart, and, finally, how to run some ML experiments to gather metrics. It also  provides a basic blueprint to help you integrate the MLflow module into your ML experiment.

  • Milvus is an open source vector database built for the development and maintenance of AI applications. Read this blog to learn how to obtain the Bitnami-packaged Milvus Helm chart and how to build an intelligent chatbot using Milvus and the BERT model for natural language processing (NLP).

  • OpenSearch is an open source search and analytics suite used for real-time application monitoring, log analytics, website search, and more. Read this blog to learn how to deploy Bitnami-packaged OpenSearch Helm chart, how to access the OpenSearch dashboard, and how to use the OpenSearch API.

A Seamless GitOps Experience: Integrating sealed secrets with Bitnami charts

If you are a developer who works with Bitnami packages, you’ve probably asked questions like what’s the best method to deploy a Bitnami chart with a specific password written in the values.yaml file? or what is the best way to use Bitnami charts with solutions like ArgoCD.  Using Sealed Secrets with existing Secrets is a valid approach if you are trying to deploy Sealed Secrets in your cluster. However, this could be a toilsome and complex approach. Read this blog to learn how you can avoid this toil by using a parameter called extraDeploy in the values.yaml file of Bitnami packages.

Apply user-defined application level customizations to meet enterprise policies

Tanzu Application Catalog, an enterprise version of Bitnami Application Catalog, now allows applying user-defined application customizations to all container images in the catalog. With this new capability, you can add application-specific post-build scripts into the Tanzu Application Catalog build process so your artifacts meet requirements such as installing certificates, adding plug-ins, or removing libraries or components from each container image. Read this tutorial to get step-by-step guidance on how to apply customizations to Tanzu Application Catalog container images.

SLSA Level 3 – Compliant Supply Chain to Deliver Enterprise-grade Open Source Software

If you love working with the Bitnami packages but at the same time need them delivered through a SLSA-3 compliant pipeline, you can now leverage Tanzu Application Catalog. Tanzu Application Catalog is fully compliant with Supply Chain Levels for Software Artifacts (SLSA) Level 3 security. This means that all the open source software packages delivered by Tanzu Application Catalog meet the SLSA Level 3 standards. This means that enterprises can use Tanzu Application Catalog to bake in your app-specific customizations with a SLSA 3-compliant supply chain. By doing so, you can get OSS containers that are customized for your requirements, ready to be deployed out of the box along with valid signatures and SBOMs, and built on a SLSA 3 pipeline.

For more details, check out this blog.

CNCF incubating project Notation for signing and verifying OCI artifacts

Tanzu Application Catalog now leverages Notation (in addition to Cosign) for signing and verifying Open Container Initiative (OCI) artifacts (container images, Helm charts, and metadata bundles). Notation is a CLI project that enables the addition of signatures as standard items in the OCI registry ecosystem and the ability to build a set of simple tooling to sign and verify these signatures. Notation is an implementation of the Notary Project specifications and is a CNCF incubating project.

For more details, see our blog.

Educational Resources

CCS Insight Report: Bringing Order to Open Source Software Deployment through Curated Catalogs

A new technology research paper by tech research and advisory firm CCS Insight sheds light on the challenges enterprises face when managing open source software. The report offers insights into the value provided by Tanzu Application Catalog, and you can. Download the report to understand how you can bring order to your open source software deployments.

Mitigating Open Source Software Supply Chain Risks (on-demand webinar)

Watch Brad Bock, Product Manager, Bitnami & Tanzu Application Catalog, take a deep dive into how enterprises can leverage Tanzu Application Catalog to improve your supply chain security without any compromise to developer experience in this webinar, now available for on-demand watch. 

Maximizing the power of VEX, SBoMs and CVE scan results for an efficient vulnerability assessment

With VEX, SBoMs, and CVE scan results, Tanzu Application Catalog acts as a centralized source of truth where you can not only get customizable, trusted, and verified OSS applications and components to build applications, but also get all the information required to efficiently manage and assess the vulnerabilities that may pose risk to your software supply chain.

Read this blog to learn more about VEX documentation, SBoMs and CVE scan results in Tanzu Application Catalog.