|
|
@@ -1,5 +1,6 @@
|
|
|
+<!-- markdownlint-disable MD041 -->
|
|
|
<p align="center">
|
|
|
- <img width="400px" height=auto src="https://bitnami.com/downloads/logos/bitnami-by-vmware.png" />
|
|
|
+ <img width="400px" height=auto src="https://dyltqmyl993wv.cloudfront.net/bitnami/bitnami-by-vmware.png" />
|
|
|
</p>
|
|
|
|
|
|
<p align="center">
|
|
|
@@ -70,16 +71,16 @@ Useful Helm Client Commands:
|
|
|
|
|
|
Enterprises that love Bitnami can now purchase a Bitnami Premium subscription from [Arrow Electronics](https://www.arrow.com/globalecs/na/vendors/bitnami?utm_source=github&utm_medium=charts) and consume the containers and Helm charts right in Docker Hub. Bitnami Premium users will get access to private Docker Hub repositories with the same containers and Helm charts they are used to, plus new commercial features including:
|
|
|
|
|
|
-* Enterprise support for all 500+ Bitnami Premium packages
|
|
|
-* All LTS branches of all Bitnami application packages maintained up-to-date
|
|
|
-* Unlimited pulls of all Bitnami Premium containers and Helm charts from Docker Hub
|
|
|
-* Secure software supply chain metadata including Software Bills of Material (SBOMs), SLSA 3 pipeline validation with in-toto attestations, Notation and Cosign signatures, Build-time CVE and anti-virus scan reports, and more.
|
|
|
+- Enterprise support for all 500+ Bitnami Premium packages
|
|
|
+- All LTS branches of all Bitnami application packages maintained up-to-date
|
|
|
+- Unlimited pulls of all Bitnami Premium containers and Helm charts from Docker Hub
|
|
|
+- Secure software supply chain metadata including Software Bills of Material (SBOMs), SLSA 3 pipeline validation with in-toto attestations, Notation and Cosign signatures, Build-time CVE and anti-virus scan reports, and more.
|
|
|
|
|
|
Alongside the launch of Bitnami Premium, we are making some changes to how we deliver the Bitnami Application Catalog:
|
|
|
|
|
|
-* Unlimited pulls from Docker Hub will no longer be available. Free Bitnami Application Catalog containers and charts will be subject to the same limits as any other Docker Hub repos starting December 16th, 2024. Pulls of Bitnami Premium containers and Helm charts will not count towards your [Docker Hub pull](https://hub.docker.com/usage/pulls) limits or overages.
|
|
|
-* Long-term-support (LTS) branches of the software we package will no longer be maintained in the free Bitnami Application Catalog. To continue receiving updates for LTS branches of packages, you will have to upgrade to Bitnami Premium.
|
|
|
-* We are improving Bitnami Application Catalog users’ supply chain security through additional integrity checks in our Helm chart installation process. These checks enable users to be aware when they are using containers that were not created and tested by Bitnami.
|
|
|
+- Unlimited pulls from Docker Hub will no longer be available. Free Bitnami Application Catalog containers and charts will be subject to the same limits as any other Docker Hub repos starting December 16th, 2024. Pulls of Bitnami Premium containers and Helm charts will not count towards your [Docker Hub pull](https://hub.docker.com/usage/pulls) limits or overages.
|
|
|
+- Long-term-support (LTS) branches of the software we package will no longer be maintained in the free Bitnami Application Catalog. To continue receiving updates for LTS branches of packages, you will have to upgrade to Bitnami Premium.
|
|
|
+- We are improving Bitnami Application Catalog users’ supply chain security through additional integrity checks in our Helm chart installation process. These checks enable users to be aware when they are using containers that were not created and tested by Bitnami.
|
|
|
|
|
|
These changes enable us to deliver a premium Bitnami experience to our enterprise users who will benefit from support and security metadata, but who do not need the extensive customization that is core to our other commercial offering called [Tanzu Application Catalog](https://www.vmware.com/products/app-platform/tanzu-application-catalog) (TAC). We are committed to continue delivering free Bitnami Application Catalog content to our community of developers and other open source project maintainers over the long term.
|
|
|
|
|
|
@@ -93,17 +94,17 @@ Bitnami Premium is a new version of the content packaged by Bitnami that is sold
|
|
|
|
|
|
In Bitnami Premium, all of the applications are built on Debian just as they are in the free Bitnami library. You get the entire library of containers and Helm charts kept up-to-date with the latest changes anywhere in each app from the OS to the application code itself. You can consume the content through Docker Hub where you’ve already been pulling it to date. However, in the Bitnami Premium registries, you will also find important software supply chain security metadata delivered as OCI artifacts alongside the containers and Helm charts. This metadata is useful for enterprises that need third-party open source software to be compliant with policies around auditability, supply chain integrity, and time to remediation of vulnerabilities.
|
|
|
|
|
|
-* **Supply chain security and integrity**: Bitnami Premium containers and Helm charts are built on an SLSA 3 pipeline, with attestations and signatures serving as proof that the software you’re deploying in your clusters is what you expect and has not been tampered with.
|
|
|
-* **Software bills of material (SBOMs)**: At both the Helm chart and container levels, SBOMs give you fine-grained insight into the contents of every package. Bitnami Premium also includes build-time CVE scans and anti-virus reports (helpful for our Federal government customers). This will make it far easier to continuously validate the integrity of software supply chains and to track and triage vulnerabilities as they are discovered and patched.
|
|
|
-* **Build time CVE scans, anti-virus scans, and more**: also included with Bitnami Premium content are Trivy CVE scan results and ClamAV scan results that satisfy requirements for, among other things, doing business with the US Federal government. You will also find the results of Bitnami’s automated functional tests that run as part of every artifact update, trigger information that specifies why the latest update was released, and more.
|
|
|
+- **Supply chain security and integrity**: Bitnami Premium containers and Helm charts are built on an SLSA 3 pipeline, with attestations and signatures serving as proof that the software you’re deploying in your clusters is what you expect and has not been tampered with.
|
|
|
+- **Software bills of material (SBOMs)**: At both the Helm chart and container levels, SBOMs give you fine-grained insight into the contents of every package. Bitnami Premium also includes build-time CVE scans and anti-virus reports (helpful for our Federal government customers). This will make it far easier to continuously validate the integrity of software supply chains and to track and triage vulnerabilities as they are discovered and patched.
|
|
|
+- **Build time CVE scans, anti-virus scans, and more**: also included with Bitnami Premium content are Trivy CVE scan results and ClamAV scan results that satisfy requirements for, among other things, doing business with the US Federal government. You will also find the results of Bitnami’s automated functional tests that run as part of every artifact update, trigger information that specifies why the latest update was released, and more.
|
|
|
|
|
|
Bitnami Premium differs from Tanzu Application Catalog in that, just like our free Bitnami content, it is a one-size-fits-all library of containers and Helm charts all built on Debian. Tanzu Application Catalog gives you the ability to customize your artifacts along many different dimensions. Some of the key differences include:
|
|
|
|
|
|
-* **Private delivery**: TAC containers and Helm charts are delivered directly to your private registries, or are hosted in a private registry maintained by us that you can pull from.
|
|
|
-* **Choose a Linux distro or use your own “golden image”**: TAC gives you the ability to choose among four supported Linux distros: Debian, Ubuntu, RedHat UBI, or VMware’s own PhotonOS. All of the software packages on these distributions are maintained up-to-date and are tested to work in multiple Kubernetes environments as part of the release process. You can also use your own golden image: we’ll build and maintain the artifacts on top of it. For customers that need it, PhotonOS includes FIPS OpenSSL, is STIG-compliant, and includes zero/minimal CVES with VEX statements to triage any remaining ones.
|
|
|
-* **App-specific customization**: With TAC, you can inject your own customizations such as user settings, certificates, or plugins into our SLSA 3 pipeline, so the artifacts you receive are truly promotable to production environments.
|
|
|
-* **Software knowledge graph**: This keeps track of all your software dependencies at the individual package level. It continuously scans them for vulnerabilities, and organizes them into a searchable graph database so you can see in real-time which versions of which apps are affected and patched. It also includes useful information such as open source licenses, package management ecosystem data, and more.
|
|
|
-* **UI and API**: TAC includes access to a user interface where you can add and remove applications from your catalog, and interact with the software knowledge graph to see at-a-glance details about your software. The [TAC API](https://developer.broadcom.com/xapis/application-catalog/latest/) enables you to build information from the software knowledge graph into your pipelines to ensure you are keeping your applications up-to-date with the latest patched applications.
|
|
|
+- **Private delivery**: TAC containers and Helm charts are delivered directly to your private registries, or are hosted in a private registry maintained by us that you can pull from.
|
|
|
+- **Choose a Linux distro or use your own “golden image”**: TAC gives you the ability to choose among four supported Linux distros: Debian, Ubuntu, RedHat UBI, or VMware’s own PhotonOS. All of the software packages on these distributions are maintained up-to-date and are tested to work in multiple Kubernetes environments as part of the release process. You can also use your own golden image: we’ll build and maintain the artifacts on top of it. For customers that need it, PhotonOS includes FIPS OpenSSL, is STIG-compliant, and includes zero/minimal CVES with VEX statements to triage any remaining ones.
|
|
|
+- **App-specific customization**: With TAC, you can inject your own customizations such as user settings, certificates, or plugins into our SLSA 3 pipeline, so the artifacts you receive are truly promotable to production environments.
|
|
|
+- **Software knowledge graph**: This keeps track of all your software dependencies at the individual package level. It continuously scans them for vulnerabilities, and organizes them into a searchable graph database so you can see in real-time which versions of which apps are affected and patched. It also includes useful information such as open source licenses, package management ecosystem data, and more.
|
|
|
+- **UI and API**: TAC includes access to a user interface where you can add and remove applications from your catalog, and interact with the software knowledge graph to see at-a-glance details about your software. The [TAC API](https://developer.broadcom.com/xapis/application-catalog/latest/) enables you to build information from the software knowledge graph into your pipelines to ensure you are keeping your applications up-to-date with the latest patched applications.
|
|
|
|
|
|
### Continuing our long tradition of partnerships
|
|
|
|
Juan José Martos