Chiselled Ubuntu

Ultra-small, ultra-secure containerisation

Rethink your containerisation strategy with chiselled Ubuntu — where ultra-small meets ultra-secure. Trim your attack surface by 6x and get the reliability of a vendor-supported Linux distribution.


Only include the dependencies you need

Applications commonly rely on a large, recursive set of dependencies, but they only use a limited subset of the functionalities offered by each one of them.

Since Debian packages are archives that can be inspected, navigated and deconstructed, it is possible to define slices of packages that contain minimal, complementary, loosely-coupled sets of files based on package metadata and content.

Chisel offers a way to define those slices, so that your container only includes what's strictly necessary for the application, and nothing more.


Explore Chisel ›

An image that demonstrates how chiselled Ubuntu works

How to reduce container image size

Chisel trims up to 80% of your containers' attack surface.


Mark Lewis, VP Application Services at Canonical, explains how chisel works.


Why your attack surface matters

Container images’ attack surface is a critical factor in determining their security. As the size of a container image increases, so does the potential for vulnerabilities and known security issues.

According to Sysdig, 87% of container images have high or critical vulnerabilities.


Explore the benefits of smaller container images ›


Chiselled Ubuntu:

Production-ready, ultra-small Ubuntu containers

Experience the power of ultra-small containerisation. Chiselled Ubuntu delivers efficiency with a minimal attack surface.

Chiselled Ubuntu and your favourite toolchains come together seamlessly. It's your shortcut to creating and deploying secure, super-efficient images for production environments.


.NET

Language Package Size
Package Size
.NET
Ubuntu .NET image
219MB
Chiselled Ubuntu .NET image
116MB
Chiselled Ubuntu for self contained .NET image
5MB

Java

Language Package Size
Package Size
Java
Eclipse Temurin
215MB
Chiselled Ubuntu for JRE8
113MB

C, C++, Go, R

Language Package Size
Package Size
C, C++, Go, R
Google Distroless
20MB
Chiselled Ubuntu
12MB


How does chisel work

Chisel operates as a from-scratch package manager, meticulously sculpting ultra-small runtime file systems.

To do so, chiselled Ubuntu relies on a curated collection of Slice Definitions Files. These files relate to the upstream packages from the Ubuntu archives, and define one or more slices for any given package. A package slice represents a subset of the package’s contents, comprising its maintainer scripts and dependencies.

Chisel effectively layers reusable knowledge on top of traditional Ubuntu deb packages, through a developer-friendly CLI and fine-grained dependency management mechanism.


Read more about how chisel works ›



What industry experts say

Don’t take our word for it. Listen to industry experts discuss chiselled Ubuntu.

“There has always been a need for smaller and tighter images. Developers remind us, as a base image provider, of that on a regular basis. Chiselled images leapfrog over approaches we’ve looked at in the past. We love the idea and implementation of chiselled images and Canonical as a partner. When technical leaders at Canonical shared the first demos of chiselled images with us, we immediately wanted to be a launch partner, and we’re thrilled that we’re shipping Ubuntu chiselled images for .NET as part of the GA release”

Richard Lander, Program Manager, .NET at Microsoft


Watch our interview with Richard Lander ›


From development to production: making developers' lives easier

A seamless developer experience means more productive teams and more secure applications.

Chiselled Ubuntu is designed to simplify the containerisation journey, ensuring a smooth transition from development to production.

  • 100% library and release cycle alignment with Ubuntu LTS
  • Fewer dependency headaches
  • Chisel CLI for easier multi-stage builds
  • Simple image rebuilds
  • Prebuilt chiselled images for popular toolchains such as .NET and Java

Get started today ›


Vendor supported
distroless images

Chiselled Ubuntu images are fully supported by Canonical, on the same terms as classic minimal Ubuntu images:


  • 5-year free bug fixing and security patching for the main libraries
  • 10-year security patching for Ubuntu Pro customers, on all Ubuntu packages
  • 24/7 phone and ticket customer support

Read more about our support commitments ›