TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
 
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
NEW! Try Stackie AI
Cloud Native Ecosystem Containers Databases Edge Computing Infrastructure as Code Linux Microservices Open Source Networking Storage
Broadcom Ends Free Bitnami Images, Forcing Users To Find Alternatives
Sep 30th 2025 8:00am, by Joab Jackson
Only 27% of Organizations Have Full-Stack Observability, Says Report
Sep 19th 2025 10:00am, by Heather Joslyn and Lawrence E Hecht
AI Agents vs. Agentic AI: A Kubernetes Developer’s Guide
Sep 10th 2025 7:00am, by Janakiram MSV
OpenSearch 3.2 Delivers Hybrid Search, Enhanced Observability Tools
Aug 27th 2025 4:00pm, by B. Cameron Gain
Why Federated API Management Is Essential for Hybrid Cloud
Aug 27th 2025 9:00am, by Matthias Biehl
How To Deploy a Full-Stack, Containerized Network Infrastructure Visualizer
Sep 24th 2025 1:00pm, by Jack Wallen
Docker Containers That Could Be Essential for Your Small Business
Sep 18th 2025 7:00am, by Jack Wallen
How to Self-Host Your Notes With Trilium and Docker
Sep 13th 2025 7:00am, by Jack Wallen
Why Chainguard Is Doubling Down on Virtual Machines in a Container World
Sep 5th 2025 2:00pm, by Darryl K. Taft
Pods Is a Handy Linux GUI for Managing Your Podman Containers
Sep 3rd 2025 6:00am, by Jack Wallen
Why pgEdge 'Ripped the Band-Aid Off' To Go Totally Open Source
Sep 26th 2025 10:00am, by Susan Hall
Consistency at Scale: Unifying Temporal and YugabyteDB
Sep 25th 2025 8:00am, by Greg Haskins
How We Cut Telemetry Queries to Under 10 Milliseconds
Sep 22nd 2025 8:00am, by Heather Downing
How InfluxDB 3 Brings Processing Directly Into the Database
Sep 17th 2025 10:00am, by Jelani Harper
Agent-Infused MongoDB Tackles Application Modernization
Sep 16th 2025 1:00pm, by Jelani Harper
Why the Edge Isn't Just 'Cloud Computing, But Closer'
Sep 16th 2025 9:00am, by Charles Humble
Kubernetes at the Edge: Deploy With Confidence and Control
Aug 19th 2025 10:00am, by Vicki Walker
Scaling AI Inference at the Edge With Distributed PostgreSQL
Jul 21st 2025 9:00am, by Meredith Shubel
6 Design Principles for Edge Computing Systems
Jul 17th 2025 7:00am, by Joab Jackson
How To Build Smarter Factories With Edge Computing
Jul 8th 2025 10:00am, by Kristopher Clark
Project infragraph: IBM's Real-Time Model for Infrastructure Assets
Sep 26th 2025 4:00am, by Joab Jackson
Chef Creator Unveils AI Platform To Fix Flaws With Infrastructure Automation
Aug 27th 2025 8:00am, by Heather Joslyn
Platform Engineering Is Failing — Here's Why Infrastructure Comes First
Aug 7th 2025 10:00am, by Lukas Gentele
How To Use AI To Design Intelligent, Adaptable Infrastructure
Aug 1st 2025 10:00am, by Dharani Pothula
Software Architecture Is Finally Fixing Its Biggest Problem: Developer Experience
Jul 25th 2025 9:00am, by Avraam Tolmidis
Is Oreon Linux a True Red Hat Enterprise Alternative?
Sep 21st 2025 7:00am, by Jack Wallen
How to Self-Host Your Notes With Trilium and Docker
Sep 13th 2025 7:00am, by Jack Wallen
Linux: Deploy a Honeypot to Catch Your Server's Attackers
Sep 7th 2025 7:00am, by Jack Wallen
Connect to a Local Ollama AI Instance From Within Your LAN
Sep 6th 2025 7:00am, by Jack Wallen
Pods Is a Handy Linux GUI for Managing Your Podman Containers
Sep 3rd 2025 6:00am, by Jack Wallen
How Dapr and WebAssembly Team Up for Microservices
Oct 2nd 2025 6:00am, by B. Cameron Gain
Your CI/CD Pipeline Wasn't Built for Microservices
Aug 7th 2025 7:00am, by Arjun Iyer
Introduction to Microservices
Aug 5th 2025 5:00pm, by TNS Staff
FoundationDB: A Distributed Database That Can't Be Killed
Jul 25th 2025 7:00am, by Joab Jackson
Why Scaling Makes Microservices Testing Exponentially Harder
Jul 16th 2025 11:00am, by Arjun Iyer
Stop Ignoring the Browser: The Biggest Frontend Shift in a Decade
Oct 2nd 2025 8:00am, by Alexander T. Williams
How a Shared Test Suite Fixed the Web’s Biggest Problems
Sep 30th 2025 10:00am, by Mary Branscombe
Broadcom Ends Free Bitnami Images, Forcing Users To Find Alternatives
Sep 30th 2025 8:00am, by Joab Jackson
Tor: The Easiest Way to Securely Browse the Web on Linux
Sep 28th 2025 8:00am, by Jack Wallen
Homebrew Project Lead Brings Data to Ruby Central’s Debate
Sep 27th 2025 7:00am, by Loraine Lawson
How To Deploy a Full-Stack, Containerized Network Infrastructure Visualizer
Sep 24th 2025 1:00pm, by Jack Wallen
How Agentic AI Is Redefining Campus and Branch Network Needs
Aug 15th 2025 10:00am, by Lawrence Huang
Mythbusting IPv6: Why Adoption Lags and What Will Change It
Jul 29th 2025 11:00am, by Alessandro Improta and Denton Chikura
How the Free Software Foundation Battles the LLM Bots
Jul 20th 2025 6:00am, by David Cassel
Google Brings the Lustre Parallel File System to Its Cloud
Jul 11th 2025 7:00am, by Joab Jackson
How InfluxDB 3 Brings Processing Directly Into the Database
Sep 17th 2025 10:00am, by Jelani Harper
VMware Cloud Foundation Is Now an AI-Native Platform
Aug 26th 2025 5:00am, by Joab Jackson
Mastering Storage for VMs: A DevOps Perspective
Aug 13th 2025 12:00pm, by Carol Platz
Battle-Tested Tips for a Better NoSQL Migration
Aug 7th 2025 9:00am, by Felipe Cardeneti Mendes
The Obscure Paradox Fueling AI and Big Data Growth
Jul 30th 2025 11:00am, by Franz Knupfer
AI AI Engineering API Management Backend development Data Frontend Development Large Language Models Security Software Development WebAssembly
How To Use Vibe Coding Safely in the Enterprise
Oct 1st 2025 12:00pm, by
5 AI Extensions to Help Improve Your VS Code Experience
Oct 1st 2025 10:00am, by
JFrog Maps Strategy for AI-Driven Development Future
Sep 30th 2025 3:00pm, by
OutSystems Launches a Low-Code Workbench for Building Enterprise AI Agents
Sep 30th 2025 12:00pm, by
How WebMCP Lets Developers Control AI Agents With JavaScript
Sep 30th 2025 11:00am, by
How To Use Vibe Coding Safely in the Enterprise
Oct 1st 2025 12:00pm, by
Clarifai’s AI Engine Cuts Costs Without Performance Hit
Sep 26th 2025 12:00pm, by
How To Use RAG-Powered AI for Safer Legacy Code Maintenance
Sep 25th 2025 10:00am, by
AI Has Won: Google's DORA Study Shows Universal Dev Adoption
Sep 23rd 2025 4:00pm, by
Solving 3 Enterprise AI Problems Developers Face
Sep 15th 2025 11:00am, by
How Dapr and WebAssembly Team Up for Microservices
Oct 2nd 2025 6:00am, by
Your APIs Are Costing More Than You Think
Sep 12th 2025 10:00am, by
When Is MCP Actually Worth It?
Sep 10th 2025 8:00am, by
Why Your Legacy APIs Are a Roadblock for AI Agents
Sep 4th 2025 11:00am, by
WunderGraph Uses AI To Challenge Apollo's GraphQL Empire
Aug 27th 2025 5:00pm, by
Vibe Coding: When AI Writes the Code, Who Secures It?
Sep 26th 2025 1:00pm, by
How MCP Uses Streamable HTTP for Real-Time AI Tool Interaction
Aug 18th 2025 10:34am, by
A Backend for Frontend: Watt for Node.js Simplifies Operations
Aug 14th 2025 6:00am, by
Human-on-the-Loop: The New AI Control Model That Actually Works
Aug 4th 2025 8:00am, by
IT Orchestration Is the Secret Behind Smooth, Scalable IT Operations
Aug 3rd 2025 10:00am, by
Project infragraph: IBM's Real-Time Model for Infrastructure Assets
Sep 26th 2025 4:00am, by
Consistency at Scale: Unifying Temporal and YugabyteDB
Sep 25th 2025 8:00am, by
Snowflake, Salesforce Launch New Standard To Unify Data for AI
Sep 23rd 2025 9:00am, by
How We Cut Telemetry Queries to Under 10 Milliseconds
Sep 22nd 2025 8:00am, by
How InfluxDB 3 Brings Processing Directly Into the Database
Sep 17th 2025 10:00am, by
Stop Ignoring the Browser: The Biggest Frontend Shift in a Decade
Oct 2nd 2025 8:00am, by
3 Maxims for Great Developer Platform Design
Oct 1st 2025 9:00am, by
How WebMCP Lets Developers Control AI Agents With JavaScript
Sep 30th 2025 11:00am, by
How a Shared Test Suite Fixed the Web’s Biggest Problems
Sep 30th 2025 10:00am, by
Why the Frontend Should Embrace Platform Engineering
Sep 29th 2025 6:30am, by
5 AI Extensions to Help Improve Your VS Code Experience
Oct 1st 2025 10:00am, by
Clarifai’s AI Engine Cuts Costs Without Performance Hit
Sep 26th 2025 12:00pm, by
GPT-5’s Enhanced Reasoning Comes With a Steep Hidden Cost
Sep 23rd 2025 8:00am, by
Spec-Driven Development: The Key to Scalable AI Agents
Sep 18th 2025 11:00am, by
Agentic AI Is Key To Preventing Costly AI Hallucinations
Sep 14th 2025 9:00am, by
MCP: Best Practices for Secure Agent-Database Interoperability
Oct 2nd 2025 7:00am, by
Broadcom Ends Free Bitnami Images, Forcing Users To Find Alternatives
Sep 30th 2025 8:00am, by
How AI Can Help IT Teams Find the Signals in Alert Noise
Sep 29th 2025 4:00pm, by
Tor: The Easiest Way to Securely Browse the Web on Linux
Sep 28th 2025 8:00am, by
Vibe Coding: When AI Writes the Code, Who Secures It?
Sep 26th 2025 1:00pm, by
How To Use Vibe Coding Safely in the Enterprise
Oct 1st 2025 12:00pm, by
3 Maxims for Great Developer Platform Design
Oct 1st 2025 9:00am, by
JFrog Maps Strategy for AI-Driven Development Future
Sep 30th 2025 3:00pm, by
Microsoft AI Agents Automate Enterprise Java and .NET Migrations
Sep 26th 2025 4:00pm, by
Python Dataclasses: A Complete Guide to Boilerplate‑Free Objects
Sep 26th 2025 3:00pm, by
How Dapr and WebAssembly Team Up for Microservices
Oct 2nd 2025 6:00am, by
Wasm 3.0 Offers New Way to Handle JavaScript Strings
Sep 20th 2025 7:14am, by
Flutter 3.5 Offers New Developer Experience Features
Aug 30th 2025 6:00am, by
What Debugging JavaScript on WebAssembly Looks Like
Aug 20th 2025 3:00pm, by
Wassette: Microsoft’s Rust-Powered Bridge Between Wasm and MCP
Aug 8th 2025 3:00pm, by
AI Operations CI/CD Cloud Services DevOps Kubernetes Observability Operations Platform Engineering
Taming AI Observability: Control Is the Key to Success
Sep 30th 2025 7:00am, by Dan Juengst
How AI Can Help IT Teams Find the Signals in Alert Noise
Sep 29th 2025 4:00pm, by Jennifer Riggins
All Infrastructure Is AI Infrastructure
Sep 24th 2025 7:00am, by Shaun O'Meara
4 Reasons Agentic AI Is Failing
Sep 17th 2025 12:00pm, by Derek Ashmore
Stop Chasing Low-Stakes Incidents: Let AI Do It
Sep 17th 2025 11:00am, by Mandi Walls
What Is a Software Catalog and Why Should You Have One?
Sep 30th 2025 6:00am, by Dario Esposito
How To Build AI Agents With Lifelong Learning
Sep 26th 2025 11:00am, by Oladimeji Sowole
CISOs: Prepare for Software’s Agentic Future Today
Sep 26th 2025 8:00am, by Josh Lemos
How To Enhance Productivity With DORA Metrics
Sep 23rd 2025 7:00am, by Massimiliano Bianchessi
5 Factors for Predictable Autonomy With Agentic AI
Sep 19th 2025 7:00am, by Brian Friedman and Jonathan Eyler-Werve
How Distributed Postgres Solves Cloud's High-Availability Problem
Sep 11th 2025 9:00am, by Meredith Shubel
How To Build a FinOps Strategy That Works
Sep 8th 2025 9:00am, by Vicki Walker
VCF 9 Gets MCP Support, GPU Optimization at No Extra Cost
Aug 26th 2025 6:00am, by B. Cameron Gain
Cloud Washing in the Age of AI: When ‘Sovereign’ Isn’t
Aug 1st 2025 6:00am, by Julian Hennig
Google Brings the Lustre Parallel File System to Its Cloud
Jul 11th 2025 7:00am, by Joab Jackson
Beyond Basic Scaling: Advanced Kubernetes Resource Strategies
Sep 30th 2025 9:00am, by Vicki Walker
Why the Frontend Should Embrace Platform Engineering
Sep 29th 2025 6:30am, by Loraine Lawson
The Case for Microfrontends and Moving Beyond One Framework
Sep 24th 2025 9:00am, by Alexander T. Williams
Friday vs. Midweek: When's the Best Day to Deploy?
Sep 18th 2025 3:00pm, by Joanna Wyganowska
15 Best Practices for Building MCP Servers in Production
Sep 15th 2025 9:00am, by Janakiram MSV
Migrating From Cluster Autoscaler to Karpenter v0.32
Oct 1st 2025 11:00am, by Isaac Kiptanui
Beyond Basic Scaling: Advanced Kubernetes Resource Strategies
Sep 30th 2025 9:00am, by Vicki Walker
Namespaces: A Step-By-Step Guide to Kubernetes Isolation
Sep 29th 2025 3:00pm, by Sunny Yadav
kubectl cp: Copying Files to and From Kubernetes Pods
Sep 27th 2025 12:00pm, by Sunny Yadav
Top 10 Kubernetes Deployment Errors: Causes and Fixes (And Tips)
Sep 24th 2025 11:00am, by Sunny Yadav
Taming AI Observability: Control Is the Key to Success
Sep 30th 2025 7:00am, by Dan Juengst
How AI Can Help IT Teams Find the Signals in Alert Noise
Sep 29th 2025 4:00pm, by Jennifer Riggins
Introduction to Observability
Sep 27th 2025 5:05am, by B. Cameron Gain
Sentry Founder: AI Patch Generation Is 'Awful' Right Now
Sep 26th 2025 2:00pm, by Heather Joslyn
A Guide To Fluent Bit Processors for Conditional Log Processing
Sep 24th 2025 8:00am, by Sharad Regoti
Migrating From Cluster Autoscaler to Karpenter v0.32
Oct 1st 2025 11:00am, by Isaac Kiptanui
Deploying AI in Air-Gapped Environments: What It Really Takes
Sep 29th 2025 6:00am, by Chris du Toit
Why Your App’s Biggest Performance Bottleneck Might Be SSL/TLS
Sep 25th 2025 6:00am, by Ron Northcutt
A Guide To Fluent Bit Processors for Conditional Log Processing
Sep 24th 2025 8:00am, by Sharad Regoti
How To Enhance Productivity With DORA Metrics
Sep 23rd 2025 7:00am, by Massimiliano Bianchessi
3 Maxims for Great Developer Platform Design
Oct 1st 2025 9:00am, by Loraine Lawson
Beyond Basic Scaling: Advanced Kubernetes Resource Strategies
Sep 30th 2025 9:00am, by Vicki Walker
What Is a Software Catalog and Why Should You Have One?
Sep 30th 2025 6:00am, by Dario Esposito
Why the Frontend Should Embrace Platform Engineering
Sep 29th 2025 6:30am, by Loraine Lawson
Internal Developer Portal vs. Platform: What's the Difference?
Sep 16th 2025 8:00am, by Dario Esposito
C++ Developer tools Go Java JavaScript Programming Languages Python Rust TypeScript
The 'Obfuscated C Code Contest' Confronts the Age of AI
Aug 17th 2025 6:00am, by David Cassel
How AI Can Help You Learn the Art of Programming
Jun 20th 2025 9:00am, by Jack Wallen
How to Build Multistep Forms in React
May 22nd 2025 12:00pm, by Vinod Pal
EngFlow Makes C++ Builds 21x Faster and Software a Lot Safer
Apr 3rd 2025 3:00pm, by Darryl K. Taft
Memory-Safe C: TrapC's Pitch to the C ISO Working Group
Mar 12th 2025 7:00am, by David Cassel
5 AI Extensions to Help Improve Your VS Code Experience
Oct 1st 2025 10:00am, by Jack Wallen
First Look at Verdent, an Autonomous Coding Agent From China
Sep 27th 2025 6:00am, by David Eastman
Open Source Turmoil: RubyGems Maintainers Kicked Off GitHub
Sep 23rd 2025 10:31am, by Loraine Lawson
TikTok’s Ex-Algorithm Chief Launches Verdent AI Coding Tool
Sep 23rd 2025 6:00am, by Richard MacManus
AWS Kiro: Testing an AI IDE with a Spec-Driven Approach
Sep 20th 2025 5:05am, by David Eastman
Go Experts: 'I Don't Want to Maintain AI-Generated Code'
Sep 28th 2025 6:00am, by David Cassel
How To Run Kubernetes Commands in Go: Steps and Best Practices 
Jun 27th 2025 8:00am, by Sunny Yadav
Prepare Your Mac for Go Development
Apr 12th 2025 7:00am, by Damon M. Garn
Pagoda: A Web Development Starter Kit for Go Programmers
Mar 19th 2025 6:10am, by Loraine Lawson
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Microsoft AI Agents Automate Enterprise Java and .NET Migrations
Sep 26th 2025 4:00pm, by Darryl K. Taft
Java 25: Oracle Makes Java Easier To Learn, Ready for AI Development
Sep 18th 2025 4:00pm, by Darryl K. Taft
Vibe Coding Fails Enterprise Reality Check
Sep 10th 2025 4:00pm, by Darryl K. Taft
New Tool Ends Java Configuration Nightmare in K8s
Aug 21st 2025 3:00pm, by Darryl K. Taft
Code Anywhere: Turn Your Android Tablet Into a Dev Machine
Jul 23rd 2025 10:30am, by Jack Wallen
How Vite Became the Backbone of Modern Frontend Frameworks
Sep 26th 2025 9:00am, by Richard MacManus
JavaScript Gets Supply Chain Security With Chainguard Libraries
Sep 25th 2025 12:00pm, by Darryl K. Taft
Java Language Architect Brian Goetz on How Java Could Evolve
Sep 21st 2025 6:00am, by David Cassel
Wasm 3.0 Offers New Way to Handle JavaScript Strings
Sep 20th 2025 7:14am, by Loraine Lawson
Getting Started With Elixir and Phoenix, a JS Alternative
Sep 17th 2025 6:00am, by Jessica Wachtel
Homebrew Project Lead Brings Data to Ruby Central’s Debate
Sep 27th 2025 7:00am, by Loraine Lawson
Python Dataclasses: A Complete Guide to Boilerplate‑Free Objects
Sep 26th 2025 3:00pm, by Jessica Wachtel
Microsoft Goes All-in on Rust for Core Infrastructure and Much More
Sep 19th 2025 5:00pm, by Darryl K. Taft
Java 25: Oracle Makes Java Easier To Learn, Ready for AI Development
Sep 18th 2025 4:00pm, by Darryl K. Taft
Why Your Rust Adoption Will Probably Fail (And How To Beat the Odds)
Sep 6th 2025 10:00am, by Darryl K. Taft
Why Python Data Engineers Should Know Kafka and Flink
Oct 1st 2025 8:00am, by Diptiman Raichaudhuri
Python Dataclasses: A Complete Guide to Boilerplate‑Free Objects
Sep 26th 2025 3:00pm, by Jessica Wachtel
Why You Can’t Debug a Running Quantum Computer Program
Sep 23rd 2025 6:00am, by Joab Jackson
New Python CLI Tool Catches MCP Server Issues Before Agents Do
Sep 17th 2025 9:00am, by Steven J. Vaughan-Nichols
How To Work With Local AI in the Zed IDE
Sep 10th 2025 9:00am, by Jack Wallen
How Vite Became the Backbone of Modern Frontend Frameworks
Sep 26th 2025 9:00am, by Richard MacManus
Microsoft Goes All-in on Rust for Core Infrastructure and Much More
Sep 19th 2025 5:00pm, by Darryl K. Taft
Why Your Rust Adoption Will Probably Fail (And How To Beat the Odds)
Sep 6th 2025 10:00am, by Darryl K. Taft
Microsoft's Rust Bet: From Blue Screens to Safer Code
Sep 4th 2025 4:00pm, by Darryl K. Taft
New Rust-Based Tool Installs Ruby in Seconds
Sep 4th 2025 10:00am, by Loraine Lawson
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Go Power: Microsoft's Bold Bet on Faster TypeScript Tools
Mar 12th 2025 1:00pm, by Darryl K. Taft and Loraine Lawson
Oracle Won’t Release ‘JavaScript’ Without a Fight
Jan 11th 2025 5:00am, by Loraine Lawson
The Year in JavaScript: Top JS News Stories of 2024
Dec 27th 2024 6:30am, by Loraine Lawson
How OOP Developers Can Get To Know TypeScript Through Deno
Oct 19th 2024 8:00am, by David Eastman
Cloud Native Ecosystem / Open Source / Security

Broadcom Ends Free Bitnami Images, Forcing Users To Find Alternatives

Broadcom has ended its free Bitnami image program, forcing users of Helm and other open source projects to find new sources to avoid deployment disruptions.
Sep 30th, 2025 8:00am by
Featued image for: Broadcom Ends Free Bitnami Images, Forcing Users To Find Alternatives

This week, users of Helm and other cloud native open source projects will have to find other free sources for their pre-compiled production-ready application images and Helm Charts. As of Monday, Broadcom has revamped its image download program, narrowing the free downloads available in favor of a smaller number of resources mostly available under a commercial license.

Users of many open source applications have been hard hit by the change.

The Impact on Open Source Application Users

Many administrators, however, have baked the Bitnami into their own automated deployment strategies. For them, work lies ahead to find new images and Helm charts as well as formulate new migration or mirroring strategies to avoid potential disruption.

“For years, Bitnami’s images and Helm charts were the de facto path to running popular apps on Kubernetes. Well-maintained images, sensible defaults, and easy Helm installs. Many teams pinned Bitnami images in deployments, CI pipelines, and internal charts,” noted a blog post from services provider Prequel.

The Impact on Open Source Application Users

The biggest risks of the Bitnami deprecation, according to Prequel’s post, are:

    • Kubernetes ImagePullBackOff on restarts or during  autoscaling,
    • stale/unpatched images (CVE drift),
    • Time-bomb restarts: Running pods look fine until the next pull (then fail).
    • chart drift and subchart dependencies that break upgrades.

While disruptive to the Helm community, others are feeling the pinch as well. One Reddit contributor wondered where he could get the latest images for MongoDB, Postgres and Redis.

CNCF Clarifies Helm Project’s Status

The Cloud Native Computing Foundation even issued a statement, asserting that the move did not affect Helm itself, in response to user queries.

“Helm is a graduated project that will remain under the CNCF. It continues to be fully open source, Apache 2.0 licensed, and governed by a neutral community,” wrote CNCF CTO Chris Aniszczyk and Helm co-creator Matt Butcher, in a statement. “Bitnami’s decision to deprecate its public chart and image repositories is entirely separate from the Helm project itself.”

Broadcom’s New Commercial Model for Bitnami

The Tanzu Division of Broadcom announced the move in July, when unveiling a new service based on the Bitnami repository, called Bitnami Secure Images, which would offer a set of 280 images that have gone through security hardening (SBOM support, CVE patching, enterprise support), and are available commercially (the repository will be managed by Arrow Electronics).

As part of the move, the company gradually disables the non-latest Debian-based images, shuffling them to the Bitnami Legacy archive site.

With a few exceptions, no updates will be made to these older images. The company will still provide a limited subset of free, latest-version images for development use.

Helm charts will still be available on Docker Hub as  OCI artifacts, and will not be updated.

 

Bitnami changes

How Vendors Are Filling the Void

A number of vendors have quickly jumped in to fill the void: RapidFort offered its set of “near-zero CVE” curated images. Prequel has published a set of CREs (Common Reliability Enumerations) that detect Bitnami images being pulled into production settings, as part of a paid service.

“The Bitnami disruption represents both a challenge and an opportunity. While the immediate need is to replace Bitnami images to maintain operational continuity, the broader opportunity is to significantly enhance your organization’s security posture through RapidFort’s curated, near-zero CVE container images,” the RapidFort post summarized.

screenshot

Prequel Rules Catalog

A Brief History of Bitnami

As of earlier this year, Bitnami was serving up as many as 500 million images each month, and had even ramped up its support for Helm charts, scanning for vulnerabilities all the images the Helm chart included.

Bitnami itself was started by in 2007 by Daniel López and Erica Brescia, with the goal of making it easier for developers to deploy open source software across different platforms.

TRENDING STORIES
Group Created with Sketch.
Joab Jackson is a senior editor for The New Stack, covering cloud native computing and system operations. He has reported on IT infrastructure and development for over 30 years, including stints at IDG and Government Computer News. Before that, he...
Read more from Joab Jackson
SHARE THIS STORY
TRENDING STORIES
TNS owner Insight Partners is an investor in: Docker.
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.