Rethink your containerisation strategy with chiselled Ubuntu — where ultra-small meets ultra-secure. Trim your attack surface by 6x and get the reliability of a vendor-supported Linux distribution.
Applications commonly rely on a large, recursive set of dependencies, but they only use a limited subset of the functionalities offered by each one of them.
Since Debian packages are archives that can be inspected, navigated and deconstructed, it is possible to define slices of packages that contain minimal, complementary, loosely-coupled sets of files based on package metadata and content.
Chisel offers a way to define those slices, so that your container only includes what's strictly necessary for the application, and nothing more.
Mark Lewis, VP Application Services at Canonical, explains how chisel works.
Container images’ attack surface is a critical factor in determining their security. As the size of a container image increases, so does the potential for vulnerabilities and known security issues.
According to Sysdig, 87% of container images have high or critical vulnerabilities.
Experience the power of ultra-small containerisation. Chiselled Ubuntu delivers efficiency with a minimal attack surface.
Chiselled Ubuntu and your favourite toolchains come together seamlessly. It's your shortcut to creating and deploying secure, super-efficient images for production environments.
| .NET | Ubuntu .NET image | 219MB |
| Chiselled Ubuntu .NET image | 116MB | |
| Chiselled Ubuntu for self contained .NET image | 5MB |
| Java | Eclipse Temurin | 215MB |
| Chiselled Ubuntu for JRE8 | 113MB |
| C, C++, Go, R | Google Distroless | 20MB |
| Chiselled Ubuntu | 12MB |
Chisel operates as a from-scratch package manager, meticulously sculpting ultra-small runtime file systems.
To do so, chiselled Ubuntu relies on a curated collection of Slice Definitions Files. These files relate to the upstream packages from the Ubuntu archives, and define one or more slices for any given package. A package slice represents a subset of the package’s contents, comprising its maintainer scripts and dependencies.
Chisel effectively layers reusable knowledge on top of traditional Ubuntu deb packages, through a developer-friendly CLI and fine-grained dependency management mechanism.
Don’t take our word for it. Listen to industry experts discuss chiselled Ubuntu.
“There has always been a need for smaller and tighter images. Developers remind us, as a base image provider, of that on a regular basis. Chiselled images leapfrog over approaches we’ve looked at in the past. We love the idea and implementation of chiselled images and Canonical as a partner. When technical leaders at Canonical shared the first demos of chiselled images with us, we immediately wanted to be a launch partner, and we’re thrilled that we’re shipping Ubuntu chiselled images for .NET as part of the GA release”
Richard Lander, Program Manager, .NET at Microsoft
A seamless developer experience means more productive teams and more secure applications.
Chiselled Ubuntu is designed to simplify the containerisation journey, ensuring a smooth transition from development to production.
Chiselled Ubuntu images are fully supported by Canonical, on the same terms as classic minimal Ubuntu images: