Bitnami

We're delighted to share that Syft v1.20.0 has been released, and it represents a significant step forward for our open-source software composition analysis tool. Working with the community continues to be one of the most rewarding aspects of this project. A community member identified that certificate validation was being performed unnecessarily during DLL scanning on Windows, resulting in scans taking up to 50 minutes. With this insight, we've reduced those scan times to just a few minutes—a substantial improvement for our Windows users. The new release also includes dedicated support for Bitnami embedded SBOMs, allowing us to merge authoritative vendor data with Syft's comprehensive analysis capabilities. This wasn't a simple implementation, but the result is worth it: more accurate SBOMs that combine the best of both worlds. We've also addressed a challenge with license detection. When license files don't match a valid SPDX expression, they were sometimes marked as "unlicensed" even when valid license text was present. Our solution preserves the original license text when SPDX matching fails, ensuring you retain essential license information. The upgrade to Go 1.24 brings additional benefits: scan times are reduced by up to 20%, and Go module version detection capabilities are improved. We are truly grateful to everyone who contributed to this release. Open source thrives on collaboration, and Syft is no exception. If you're interested in software supply chain security, I encourage you to try it out: github.com/anchore/syft https://lnkd.in/ej669jNF

Efficiency Meets Security with Minimal Runtime Images Bitnami Premium and Tanzu Application Catalog now offer optimized, minimal container images based. Key features include: - Optimized runtimes for high performance and quick startup. - Enhanced security to ensure safe, compliant application delivery. - Compact and minimal – Less overhead for faster deployment. - Available in both Bitnami Premium & Tanzu Application Catalog - Debian-based images in Bitnami Premium. Debian or PhotonOS with FIPS and zero/near-zero CVEs in Tanzu Application Catalog. Discover how these new minimal runtimes can transform your app development: https://brcm.tech/3Qjt7he

Introducing Minimal Application Runtimes in Bitnami Premium & Tanzu Application Catalog! We’re making containerized application deployment even more efficient with our new minimal application runtimes: lightweight, secure, and optimized base images designed for production environments. ?? Bitnami Premium (Debian-based) → Trusted, enterprise-ready images with broad compatibility ?? Tanzu Application Catalog (Photon-based) → Secure, validated images with FIPS-compliant OpenSSL and zero/near-zero CVEs Why does this matter? ? Smaller footprint → Faster deployments, reduced attack surface ? Stronger security → Minimal dependencies, fewer vulnerabilities ? Optimized performance → Streamlined images for high-efficiency workloads With Bitnami Premium and Tanzu Application Catalog, enterprises can now leverage minimal runtimes for greater reliability and security. Learn more: https://lnkd.in/d_QREVpt #Bitnami #TanzuApplicationCatalog #MinimalRuntimes #SecureContainers #CloudNative #DevSecOps

Really thrilled to launch this new product Bitnami Premium that delivers a much-needed middle ground between the free Bitnami content and the highly customizable Tanzu Application Catalog. The Bitnami library of containers and Helm charts continues to deliver value to millions of developers and OSS communities. Now you can get that quality open source software with additional secure software supply chain features and enterprise support. Congrats to Bitnami engineering for once again being a small but mighty group that gets things done! And thank you to our amazing partners at Arrow ECS North America who are delivering a streamlined purchasing experience through ArrowSphere Marketplace, and Docker, Inc who are enabling seamless consumption of Bitnami Premium right in Docker Hub. Check out our blog for a lot more details! https://lnkd.in/geANrTMX

Exciting news from Bitnami! We’re launching Bitnami Premium, a new commercial version offering enterprise features, support, and supply chain security metadata. Plus, we’re thrilled to partner with Arrow Electronics, a global leader in tech distribution, to bring this offering to market via Docker Hub. Explore Bitnami Premium in the ArrowSphere Marketplace today! https://lnkd.in/dnavTmBS

Starting Today: Helm Charts are OCI-Only! This is a friendly reminder that Bitnami Helm Charts are now maintained exclusively as OCI artifacts in Docker Hub. The old repositories will no longer receive updates. Update your workflows to pull directly from the Docker Hub OCI registries for the latest chart versions. This move ensures a more reliable and secure Helm chart experience. Learn how to prepare here: https://lnkd.in/e4JE-RRD #HelmCharts #Kubernetes #Bitnami

We're excited to announce the latest VMware Tanzu Application Catalog release, which features global catalog insights and compliance results. With this update, you can now explore your open-source catalog in unprecedented detail. Get instant access to package information, vulnerability insights, and compliance data. Make informed decisions about your upgrade path and protect your systems with confidence. Read our latest blog to learn more! https://lnkd.in/dN-rZ9UB

??New blog just released: Building Custom Container & Helm Chart Catalogs via API with Tanzu Application Catalog Tanzu Application Catalog (TAC) helps secure your software supply chain and gives you complete visibility and control over open source software components. Curate your own OSS catalog, ensure only trusted software is used, and leverage TAC's API to integrate with custom portals or third-party systems. ??Read the full article to learn more! #TanzuApplicationCatalog #SecureSoftwareSupplyChain #OpenSourceSoftware #Cybersecurity

Ensuring the integrity and authenticity of container images is critical in securing the container supply chain. How can we verify these images originate from trusted vendors? How do we guarantee they are not altered since their creation? Bitnami and #Tanzu Application Catalog partnered with the #Notary Project community to implement image signing and verification at scale. If you are at #KubeCon China do not miss this session by Yi Zha and Beltran Rueda

??? Dive into the latest blog post on securing your software supply chain with #Tanzu Application Catalog and ARMO Kubescape ?? Discover how we tackle CVEs and misconfigurations to keep your Kubernetes deployments safe. Check it out: https://lnkd.in/dWR3pEsX