Canonical has officially released Chiselled Ubuntu containers, which provide production-ready, secure, ultra-small container images with a focus on efficiency and security. These container images allow users to build images that contain only their applications and those applications’ runtime dependencies. This removes unnecessary operating-system-level packages, utilities, and libraries, and the images also come with security maintenance and support commitments from Canonical.
The chiselled Ubuntu portfolio includes images for popular toolchains such as Java, .NET, and Python. Additionally, Microsoft collaborated with Canonical on this effort, resulting in generally available chiselled Ubuntu container images for .NET 6, 7, and 8.
As highlighted in , security remains a major concern in containerization. GitLab’s 2022 Global DevSecOps Survey reported that only 64% of security professionals have a container security plan. Canonical addresses this issue by providing chiselled Ubuntu containers with trusted provenance and an optimal developer-to-production experience. The container images are built with a developer-friendly open source package manager called “chisel”, which allows developers to create ultra-small and precise file systems that contain only what their applications need to run.
Chiselled Ubuntu containers address the same need to shrink container base images as Google’s Distroless and Chainguard images, and provide the same benefits, including minimizing dependency issues, reducing bloat and resource usage, faster startup, and increased security by reducing the number of unnecessary files in the image. Chisel itself uses slice definition files associated with upstream packages in the Ubuntu archive to define the subset of package content required at runtime. This gives developers fine-grained dependency management through a CLI, reduces the attack surface of container images, and eliminates potential attack vectors, leading to more efficient containerization with increased security.
Chiselled Ubuntu’s integration with popular toolchains such as .NET and Java allows developers to seamlessly create and deploy secure and efficient container images. For example, the Chiselled Ubuntu image for the Java runtime engine can reduce compressed image size by 51% compared to the Eclipse Temurin Java 17 runtime image without compromising throughput or startup performance.
In addition to images for Java and Python, Chiselled Ubuntu containers for .NET and ASP.NET are available for a variety of platforms including AMD64, ARM-based platforms, and s390x. Microsoft and Canonical are collaborating on stable, supported, chiselled .NET images for .NET 6, 7, and 8. The .NET 8 release introduces security hardening options with chiselled Ubuntu image variants, giving users more control over the security of their containers. Richard Lander, Microsoft .NET Program Manager, highlighted the benefits of smaller, tighter container images and expressed enthusiasm for the partnership. Lander expressed Microsoft’s full commitment to and cooperation on the chiselled Ubuntu container images, saying:
“The carved Ubuntu image is the base image recommended for developers going forward.”
However, in a comment on the Microsoft development blog (highlighted by DevClass), Lander points out that these images only work if every package has slice information, and this is still a work in progress.
Chiselled Ubuntu containers adhere to Ubuntu’s long-term support guarantee, which provides 5 years of free bug fixes and security patches for containers built from the main repository. Release cycles and library alignment with Ubuntu LTS further improve reliability. With the chiselled Ubuntu containers it has announced, Canonical aims to provide developers with a secure, efficient, and compatible containerization option. More information can be found on Canonical’s website.