Broadcom reduces the Bitnami catalog to hardened images

The Bitnami catalog now contains only hardened images. Broadcom will either stop maintaining all other images or offer them only to premium customers.


Broadcom is changing the Bitnami catalog, which will only contain hardened images in the future. The other images will be moved to a legacy catalog that Broadcom will no longer maintain. In addition, Bitnami Secure Images are available as premium packages with special updates, transparency, and security guarantees.

The central Bitnami catalog, a collection of ready-to-use application packages, will only contain images with a smaller attack surface that, according to the blog entry, have “fewer” CVE vulnerabilities. Furthermore, the catalog may now only offer packages with the latest tag. Broadcom is moving all others to a legacy catalog, the contents of which are no longer maintained by the manufacturer. Exceptions to this are the Sealed Secrets and minideb projects. The new offering corresponds to the previous Secure catalog.

For users whose Helm pulls fail, Broadcom recommends upgrading to the same version and changing the repository parameter to the legacy catalog. Alternatively, the new premium images can be used. It is not clear from Broadcom's announcement which packages are only legacy or require a premium account.


The 280 premium packages are available via the Broadcom distributor Arrow. The provider manages them and has optimized them for high security. It promises minimal CVE attack surfaces, updates within hours, and full transparency even for unpatched CVE vulnerabilities. This is intended to make supply chain attacks more difficult and enable IT managers to manage real risk. Also new are minimal, distroless Helm charts, which are up to 83 percent smaller and only require half of the packages at runtime.

There is also long-term support, a metadata API (with SBOMs and VEX), and support for Photon OS.

Bitnami has been part of Broadcom since the VMware takeover. The virtualization provider acquired Bitnami in mid-2019.

(who)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.