VMware Application Catalog is a library of more than 130 widely used OSS application components that are built to spec, continuously maintained and verifiably tested for use in production environments. It aims to enable secure and compliant consumption of open source software by enterprise developers. But ensuring security across 130+ open source software applications and delivering it to hundreds of thousands of users is easier said than done. In this whitepaper, we go through the key security measures we have undertaken in VMware Application Catalog to ensure that our customers minimize security risks and achieve strict regulatory compliance while working with open source software