How to reduce container image size
Chisel trims up to 80% of your containers’ attack surface.
Mark Lewis, VP Application Services at Canonical, explains how chisel works.
Why your attack surface matters
Container images’ attack surface is a critical factor in determining their security. As the size of a container image increases, so does the potential for vulnerabilities and known security issues.
According to Sysdig, 87% of container images have high or critical vulnerabilities.
Production-ready, ultra-small Ubuntu containers
Experience the power of ultra-small containerisation. Chiselled Ubuntu delivers efficiency with a minimal attack surface.
Chiselled Ubuntu and your favourite toolchains come together seamlessly. It's your shortcut to creating and deploying secure, super-efficient images for production environments.
|Ubuntu .NET image
|Chiselled Ubuntu .NET image
|Chiselled Ubuntu for self contained .NET image
|Chiselled Ubuntu for JRE8
C, C++, Go, R
|C, C++, Go, R
How does chisel work
Chisel operates as a from-scratch package manager, meticulously sculpting ultra-small runtime file systems.
To do so, chiselled Ubuntu relies on a curated collection of Slice Definitions Files. These files relate to the upstream packages from the Ubuntu archives, and define one or more slices for any given package. A package slice represents a subset of the package’s contents, comprising its maintainer scripts and dependencies.
Chisel effectively layers reusable knowledge on top of traditional Ubuntu deb packages, through a developer-friendly CLI and fine-grained dependency management mechanism.
What industry experts say
Don’t take our word for it. Listen to industry experts discuss chiselled Ubuntu.
“There has always been a need for smaller and tighter images. Developers remind us, as a base image provider, of that on a regular basis. Chiselled images leapfrog over approaches we’ve looked at in the past. We love the idea and implementation of chiselled images and Canonical as a partner. When technical leaders at Canonical shared the first demos of chiselled images with us, we immediately wanted to be a launch partner, and we’re thrilled that we’re shipping Ubuntu chiselled images for .NET as part of the GA release”
Richard Lander, Program Manager, .NET at Microsoft
From development to production: making developers' lives easier
A seamless developer experience means more productive teams and more secure applications.
Chiselled Ubuntu is designed to simplify the containerisation journey, ensuring a smooth transition from development to production.
- 100% library and release cycle alignment with Ubuntu LTS
- Fewer dependency headaches
- Chisel CLI for easier multi-stage builds
- Simple image rebuilds
- Prebuilt chiselled images for popular toolchains such as .NET and Java
Chiselled Ubuntu images are fully supported by Canonical, on the same terms as classic minimal Ubuntu images:
- 5-year free bug fixing and security patching for the main libraries
- 10-year security patching for Ubuntu Pro customers, on all Ubuntu packages
- 24/7 phone and ticket customer support