Canonical announced it is providing distroless Docker images, complete with 12 years of support, in line with what it offers for Ubuntu Pro.

Docker images play an important role in software deployment, giving organizations a way to deploy and application with all the necessary dependencies. This make it easier to deploy, and has a number of security advantages, as Canonical explains.

The distroless container design paradigm describes containers that include only the files specifically required to run a single application. The goal is a container that is smaller and more difficult to exploit when vulnerabilities are discovered, because there are no surplus utilities or additional content inside the container that can aid an attacker.

Canonical will design Docker images for customers, incorporating all the necessary components and dependencies so the Docker image can be deployed on a number of platforms.

Canonical’s move to offer ‘Everything LTS’ expands Ubuntu Pro with thousands of new open source upstream components, including today’s latest AI/ML dependencies and tools for machine learning, training and inference, which are maintained as source alongside Ubuntu instead of as ‘deb’ packages. The CVE security maintenance commitment Canonical makes to these open source components facilitates compliance with regulatory baselines like FIPS, FedRAMP, EU Cyber Resilience Act (CRA), FCC U.S. Cyber Trust Mark and DISA-STIG.

Customers engage Canonical to design a Docker image of an open source application, or a base image that includes all of the open source dependencies to host their proprietary app. They get hardened distroless container images with a minimal attack surface and 12+ years CVE maintenance. The Docker image – an Open Container Initiative (OCI) standard container image format – runs natively on Ubuntu as well as Red Hat Enterprise Linux (RHEL), VMware Kubernetes or public cloud K8s. Canonical will support these custom-built images on all of those platforms.

“Everything LTS means CVE maintenance for your entire open source dependency tree, including open source that is not already packaged as a deb in Ubuntu” said Mark Shuttleworth, CEO of Canonical. “We deliver distroless or Ubuntu-based Docker images to your spec, which we will support on RHEL, VMware, Ubuntu or major public cloud K8s. Our enterprise and ISV customers can now count on Canonical to meet regulatory maintenance requirements with any open source stack, no matter how large or complex, wherever they want to deploy it.”

“Ensuring compliance with FedRAMP or HIPAA is very challenging for CISOs. This is the simplest and most cost effective way to run a large-scale, compliant container estate in hybrid or public clouds” said Alex Gallagher, Head of Public Cloud Alliances at Canonical. “We work closely with certified public clouds to optimise the security and performance of Kubernetes, and integrate Ubuntu Pro to provide seamless, frictionless access to LTS containers.”