Canonical Launches Workshop to Simplify Secure and Reproducible Development Environments

Canonical has introduced Workshop, a new open-source utility designed to help developers build consistent development environments with minimal setup. By defining the entire workspace in a simple configuration file, teams can recreate identical environments across multiple systems, eliminating many of the issues caused by inconsistent software versions or manual configuration.

Workshop relies on YAML-based configuration files that describe everything required for a project. Since these files can be stored alongside source code in version control, every developer working on the project can generate the same environment regardless of the operating system or hardware they use.

At the core of Workshop are Software Development Kits (SDKs), which bundle programming languages, frameworks, libraries, and other development tools into reusable packages. Canonical provides an SDK Store where these packages are published and maintained, allowing projects to specify exact SDK versions through release channels similar to the versioning model used by Snap packages.

The initial release includes official SDKs for technologies such as Ollama, OpenCode, NVIDIA CUDA, and AMD ROCm. Developers are also free to build custom SDKs tailored to their own applications. These can be shared publicly through the SDK Store or distributed privately within an organization. Project-specific SDKs may also be stored directly inside a local .workshop directory, making them part of the project’s source tree.

Workshop combines all required SDKs through a straightforward YAML definition file. Because the configuration is stored as plain text, it can easily be reviewed, modified, and tracked using standard version control systems, helping development teams maintain consistent environments throughout a project’s lifecycle.

According to Canonical, Workshop significantly reduces the time required to prepare a new development workstation. Environments that previously required lengthy manual installation and configuration can now be created with only a few commands while remaining consistent over time.

Although Linux developers already have access to tools such as Dev Containers, Nix shells, and Docker Compose, Workshop distinguishes itself by placing a strong emphasis on security and isolation. Every development environment runs inside an unprivileged LXD system container, separating project processes, files, and networking from the host operating system while still sharing the same Linux kernel for efficiency.

Access to host resources is carefully managed through an interface system inspired by Snap’s permission model. Hardware devices and sensitive resources—including GPUs, SSH agents, and other system integrations—are unavailable by default and must be explicitly authorized before a container can use them.

This security-first approach is particularly relevant for developers working with artificial intelligence workloads. Canonical believes development tools should remain convenient for users without automatically granting unrestricted system access to AI agents or automated processes. By using non-privileged containers as the default environment, Workshop limits unnecessary permissions while still providing the resources required for development.

Workshop requires LXD 6.8 or a newer release and is distributed as a Snap package through the Snap Store. Developers interested in exploring its features can review the official documentation for installation instructions, configuration examples, and project management guidance, while the complete source code is also available on GitHub for anyone wishing to contribute or examine the implementation.