DevSecOps in Practice with VMware Tanzu
TBS automates container image creation and patching using Cloud Native Buildpacks. From a security perspective:
Practice: Enforce that only TBS-generated, signed images can run in production clusters.
A typical DevSecOps pipeline using VMware Tanzu includes the following stages:
| Stage | Tanzu Component | Security Action |
|--------|----------------|------------------|
| Code & Commit | Git (any) + Tanzu CLI | SAST (e.g., Grype, Snyk) |
| Image Build | Tanzu Build Service (kpack + Buildpacks) | Base OS patch management; SBOM generation |
| Image Registry | Harbor (integrated with Tanzu) | Vulnerability scanning; image signing (Cosign/Notary) |
| Supply Chain | Tanzu Supply Chain / Cartographer | Policy validation (OPA/Gatekeeper) |
| Deployment | Tanzu Kubernetes Grid | Network policies; Pod Security Standards |
| Runtime | Tanzu Observability + Tanzu Security | Runtime threat detection; audit logging |
DevSecOps begins before compilation. With Tanzu, you integrate GitHub Advanced Security or GitLab SAST into your repository. Tanzu Build Service automatically detects code changes. The policy: No commit to main passes without a passing Static Application Security Testing (SAST) score.
