DirectorySecurity AdvisoriesPricing
/
Sign in
Directory
dotnet-8-runtime-fips logoFIPS

dotnet-8-runtime-fips

packaged by Chainguard

Last changed
Request a free trial

Contact our team to test out this image for free. Please also indicate any other images you would like to evaluate.

Tags
Overview
Comparison
Provenance
Specifications
SBOM
Vulnerabilities
Advisories

Minimal image for .NET and the .NET Tools.

Download this Image

The image is available on cgr.dev:

docker pull cgr.dev/chainguard/dotnet-fips:latest

Compatibility Notes

The Chainguard .NET images are available on cgr.dev as two variants: dotnet-sdk-fips and dotnet-runtime-fips. The SDK variant contains additional tooling to facilitate development and building, while the runtime variant contains only the runtime to execute .NET applications. Both the sdk-fips and runtime-fips images also have latest-dev version that contain a shell and various other tools for development.

SDK

docker pull cgr.dev/chainguard/dotnet-sdk-fips:latest

Runtime

docker pull cgr.dev/chainguard/dotnet-runtime-fips:latest

FIPS Enablement

Our .NET runtime and sdk images have FIPS enabled versions. However, the underlying .NET core runtime does not include any mechanisms to enforce FIPS compliance according to Microsoft's official documentation. Accordingly, it is up you and/or your developers to ensure that your application is using FIPS compliant algorithms and that the runtime environment is also properly configured to run in FIPS mode.

Usage

The dotnet-sdk-fips image can be used directly for simple cases, or with a multi-stage build using the dotnet-sdk-fips as the builder and dotnet-runtime-fips as the final target container.

To get started, go to your current dotnet application directory (or where you house your dotnet applications) and execute the following command. This command should be able to detect the dotnet project in your directory and create a base for the docker initialization.

docker init

This command should create the following files.

Dockerfile
compose.yaml
README.Docker.md
.dockerignore

After the files have been created, replace the contents within the created Dockerfile with the following

FROM cgr.dev/chainguard/dotnet-sdk-fips:latest AS build

COPY --chown=nonroot:nonroot . /source

# If your project resides in a sub directory, make sure you are pointing to that directory. ex: If your project resided in a directory called 'app', you would set the destination to /source/app
WORKDIR /source

RUN dotnet publish --use-current-runtime --self-contained false -o Release

# If you are running an ASPNET project, you can instead pull our ASPNET image cgr.dev/chainguard/aspnet-runtime-fips:latest
FROM cgr.dev/chainguard/dotnet-runtime-fips:latest AS final
WORKDIR /

# Copy everything needed to run the app from the "build" stage.
COPY --from=build source .

ENTRYPOINT ["dotnet", "Release/dotnet.dll"]

This will build your application using the SDK image and then copy the built application over to the Runtime image which will then start.

You can run and publish a local image with the following command

docker compose up -d --build

You can also remove the container using the following

docker compose down
Licenses

Chainguard's container images contain software packages that are direct or transitive dependencies. The following licenses were found in the "latest" tag of this image:

    For a complete list of licenses, please refer to this Image's SBOM.

    Software license agreement
    Compliance

    Chainguard Containers are SLSA Level 3 compliant with detailed metadata and documentation about how it was built. We generate build provenance and a Software Bill of Materials (SBOM) for each release, with complete visibility into the software supply chain.

    SLSA compliance at Chainguard

    This image helps reduce time and effort in establishing PCI DSS 4.0 compliance with low-to-no CVEs.

    PCI DSS at Chainguard

    This is a FIPS validated image for FedRAMP compliance.

    This image is STIG hardened and scanned against the DISA General Purpose Operating System SRG with reports available.

    Learn more about STIGsGet started with STIGs
    Category
    FIPS
    STIG

    The trusted source for open source

    Talk to an expert
    PrivacyTerms

    Product

    Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing

    Solutions

    FedRAMPPCI DSSCMMC 2.0SOC 2Golden ImagesCVE RemediationPublic SectorStartups

    Customers

    Customer StoriesChainguard Reviews

    Resources

    Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

    Company

    About UsBlogOpen Source LeadershipPartnersNewsroomCareersLegal
    © 2026 Chainguard, Inc. All Rights Reserved.
    Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
    The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.