Chiselled Ubuntu
Ultra-small, ultra-secure containerisation
Rethink your containerisation strategy with chiselled Ubuntu — where ultra-small meets ultra-secure. Trim your attack surface by 6x and get the reliability of a vendor-supported Linux distribution.
Only include the dependencies you need
Applications commonly rely on a large, recursive set of dependencies, but they only use a limited subset of the functionalities offered by each one of them.
Since Debian packages are archives that can be inspected, navigated and deconstructed, it is possible to define slices of packages that contain minimal, complementary, loosely-coupled sets of files based on package metadata and content.
Chisel offers a way to define those slices, so that your container only includes what's strictly necessary for the application, and nothing more.
How to reduce container image size
Chisel trims up to 80% of your containers' attack surface.
Mark Lewis, VP Application Services at Canonical, explains how chisel works.
Why your attack surface matters
Container images’ attack surface is a critical factor in determining their security. As the size of a container image increases, so does the potential for vulnerabilities and known security issues.
According to Sysdig, 87% of container images have high or critical vulnerabilities.
Chiselled Ubuntu:
Production-ready, ultra-small Ubuntu containers
Experience the power of ultra-small containerisation. Chiselled Ubuntu delivers efficiency with a minimal attack surface.
Chiselled Ubuntu and your favourite toolchains come together seamlessly. It's your shortcut to creating and deploying secure, super-efficient images for production environments.
| .NET | Ubuntu .NET image | 219MB |
| Chiselled Ubuntu .NET image | 116MB | |
| Chiselled Ubuntu for self contained .NET image | 5MB |
| Java | Eclipse Temurin | 215MB |
| Chiselled Ubuntu for JRE8 | 113MB |
| C, C++, Go, R | Google Distroless | 20MB |
| Chiselled Ubuntu | 12MB |
How does chisel work
Chisel operates as a from-scratch package manager, meticulously sculpting ultra-small runtime file systems.
To do so, chiselled Ubuntu relies on a curated collection of Slice Definitions Files. These files relate to the upstream packages from the Ubuntu archives, and define one or more slices for any given package. A package slice represents a subset of the package’s contents, comprising its maintainer scripts and dependencies.
Chisel effectively layers reusable knowledge on top of traditional Ubuntu deb packages, through a developer-friendly CLI and fine-grained dependency management mechanism.
What industry experts say
Don’t take our word for it. Listen to industry experts discuss chiselled Ubuntu.
“There has always been a need for smaller and tighter images. Developers remind us, as a base image provider, of that on a regular basis. Chiselled images leapfrog over approaches we’ve looked at in the past. We love the idea and implementation of chiselled images and Canonical as a partner. When technical leaders at Canonical shared the first demos of chiselled images with us, we immediately wanted to be a launch partner, and we’re thrilled that we’re shipping Ubuntu chiselled images for .NET as part of the GA release”
Richard Lander, Program Manager, .NET at Microsoft
From development to production: making developers' lives easier
A seamless developer experience means more productive teams and more secure applications.
Chiselled Ubuntu is designed to simplify the containerisation journey, ensuring a smooth transition from development to production.
- 100% library and release cycle alignment with Ubuntu LTS
- Fewer dependency headaches
- Chisel CLI for easier multi-stage builds
- Simple image rebuilds
- Prebuilt chiselled images for popular toolchains such as .NET and Java
Vendor supported
distroless images
Chiselled Ubuntu images are fully supported by Canonical, on the same terms as classic minimal Ubuntu images:
- 5-year free bug fixing and security patching for the main libraries
- 10-year security patching for Ubuntu Pro customers, on all Ubuntu packages
- 24/7 phone and ticket customer support