This document is intended to be complimentary to the Instructions for Finding Linux Legal Metadata. This document describes how to interrogate the .NET images to determine licensing and version information for .NET and other components.
Warning
Distroless images require special treatment since they don't contain a shell by default. See the distroless images section below.
.NET and other components are carried in .NET images, all of which are from Microsoft or the .NET Foundation. The following list describes the complete set of other software (beyond base images and packages):
- .NET Runtime
- ASP.NET Core Runtime
- .NET SDK
- PowerShell
You can see these components installed in the runtime, aspnet, and sdk Dockerfiles.
The runtime and ASP.NET Core images include a license and third party notice file.
$ docker run --rm mcr.microsoft.com/dotnet/runtime:10.0 /bin/sh -c "find ./usr/share/dotnet | grep -i 'license\|third'"
./usr/share/dotnet/LICENSE.txt
./usr/share/dotnet/ThirdPartyNotices.txt$ docker run --rm mcr.microsoft.com/dotnet/aspnet:10.0 /bin/sh -c "find ./usr/share/dotnet | grep -i 'license\|third'"
./usr/share/dotnet/LICENSE.txt
./usr/share/dotnet/ThirdPartyNotices.txtThe SDK image includes the .NET SDK, which includes various .NET components, with associated licenses and third party notice files.
$ docker run --rm mcr.microsoft.com/dotnet/sdk:10.0 /bin/sh -c "find ./usr/share/dotnet ./usr/share/powershell | grep -i 'license\|third'"
./usr/share/dotnet/LICENSE.txt
./usr/share/dotnet/ThirdPartyNotices.txt
./usr/share/dotnet/sdk/10.0.100/Sdks/Microsoft.SourceLink.Bitbucket.Git/LICENSE.txt
./usr/share/dotnet/sdk/10.0.100/Sdks/Microsoft.SourceLink.AzureRepos.Git/LICENSE.txt
./usr/share/dotnet/sdk/10.0.100/Sdks/Microsoft.Build.Tasks.Git/LICENSE.txt
./usr/share/dotnet/sdk/10.0.100/Sdks/Microsoft.SourceLink.GitHub/LICENSE.txt
./usr/share/dotnet/sdk/10.0.100/Sdks/Microsoft.NET.Sdk.WindowsDesktop/LICENSE.TXT
./usr/share/dotnet/sdk/10.0.100/Sdks/Microsoft.NET.Sdk.WindowsDesktop/THIRD-PARTY-NOTICES.TXT
./usr/share/dotnet/sdk/10.0.100/Sdks/Microsoft.SourceLink.Common/LICENSE.txt
./usr/share/dotnet/sdk/10.0.100/Sdks/Microsoft.SourceLink.GitLab/LICENSE.txt
./usr/share/powershell/.store/powershell.linux.x64/7.6.0-preview.4/powershell.linux.x64/7.6.0-preview.4/tools/net10.0/any/LICENSE.txt
./usr/share/powershell/.store/powershell.linux.x64/7.6.0-preview.4/powershell.linux.x64/7.6.0-preview.4/tools/net10.0/any/Modules/Microsoft.PowerShell.PSResourceGet/LICENSE
./usr/share/powershell/.store/powershell.linux.x64/7.6.0-preview.4/powershell.linux.x64/7.6.0-preview.4/tools/net10.0/any/Modules/Microsoft.PowerShell.ThreadJob/LICENSE
./usr/share/powershell/.store/powershell.linux.x64/7.6.0-preview.4/powershell.linux.x64/7.6.0-preview.4/tools/net10.0/any/Modules/Microsoft.PowerShell.ThreadJob/ThirdPartyNotices.txt
./usr/share/powershell/.store/powershell.linux.x64/7.6.0-preview.4/powershell.linux.x64/7.6.0-preview.4/tools/net10.0/any/Modules/PSReadLine/License.txt
./usr/share/powershell/.store/powershell.linux.x64/7.6.0-preview.4/powershell.linux.x64/7.6.0-preview.4/tools/net10.0/any/ThirdPartyNotices.txtThe commands listed above won't work when targeting a distroless image since distroless images don't contain a shell by default. Instead, this repo contains a Dockerfile that copies a distroless image's entire filesystem into a non-distroless base image so that its contents can be easily inspected using a shell.
First, build the Dockerfile, specifying the distroless image tag you wish to inspect. Cloning the repo or downloading the Dockerfile is not necessary.
docker build -t distroless-wrapper -f ./Dockerfile.distroless-wrapper --build-arg DISTROLESS_IMAGE=mcr.microsoft.com/dotnet/runtime:10.0-noble-chiseled https://github.com/dotnet/dotnet-docker.git#main:documentation/scriptsNow that you've got the wrapper image, you can execute the commands that are documented targeting the wrapper image instead:
$ docker run --rm distroless-wrapper /bin/sh -c "find ./usr/share/dotnet | grep -i 'license\|third'"
./usr/share/dotnet/LICENSE.txt
./usr/share/dotnet/ThirdPartyNotices.txt.NET Monitor, Aspire Dashboard, and YARP images are all distroless images and should be inspected the same way as other distroless .NET images.
Each appliance image includes its own license and third party notices files.
Appliance image binaries and metadata are located under the /app directory.
Example using .NET Monitor:
$ docker build -t distroless-wrapper -f ./Dockerfile.distroless-wrapper --build-arg DISTROLESS_IMAGE=mcr.microsoft.com/dotnet/monitor https://github.com/dotnet/dotnet-docker.git#main:documentation/scripts
...
$ docker run --rm distroless-wrapper /bin/sh -c "find ./app | grep -i 'license\|third'"
./app/extensions/S3Storage/LICENSE.TXT
./app/extensions/S3Storage/THIRD-PARTY-NOTICES.TXT
./app/extensions/AzureBlobStorage/LICENSE.TXT
./app/extensions/AzureBlobStorage/THIRD-PARTY-NOTICES.TXT
./app/LICENSE.TXT
./app/THIRD-PARTY-NOTICES.TXT