The .NET Runtime image contains the core runtime components required to execute managed applications: the runtime host, JIT/AOT backends, garbage collector, core libraries (base class libraries), and required native dependencies. It omits SDK tooling and build-time artifacts so containers run only the components needed to load and execute compiled assemblies and native interop modules.
In containerized production deployments it is used as the execution base for web servers, API services, background workers, message consumers, and other high‑throughput server processes. Teams evaluating a .NET Runtime hardened image often look for reductions in attack surface (fewer packages, non‑root user), up‑to‑date patches and CVE mitigations, tightened crypto and syscall policies, and reproducible builds to meet security and regulatory controls.
The Minimus .NET Runtime image differs from typical .NET Runtime container images because it is built from scratch with only the essential OS and runtime components, reducing the overall attack surface. By excluding unnecessary packages, services, and tooling it is faster to pull and start, lighter on disk and memory, and easier to maintain and audit for engineers and security teams.
The Minimus hardened .NET Runtime image is further configured according to industry hardening guidance such as NIST SP 800-190 and CIS Benchmarks, applying runtime configuration and package controls that minimize privileges and exploitable surface area. The result is a predictable, auditable base suitable for security-sensitive deployments.
.NET is the platform and ecosystem for building and running apps, including languages, libraries, tooling, and the runtime. The .NET runtime is the execution engine (CoreCLR/CLR) that runs code, handles garbage collection and JIT, and provides base libraries, but it does not include compilers or development tools.
A .NET Runtime image contains only the runtime components needed to run apps, not the SDK. For security and smaller footprints, you can use a hardened .NET Runtime image.
Yes, the .NET Framework can run in Docker, but only on Windows containers. It does not run in Linux containers.
For containerizing .NET Framework apps, run Docker on a Windows host and use Windows-based images derived from Windows Server Core.
For production, consider a hardened .NET Runtime image to reduce attack surface.
To create a Docker image of your application, write a Dockerfile that defines how to build and run it. Use multi-stage builds to keep the final image small.
Use a build stage and a runtime stage. For a .NET app, keep the final image lean by using a minimal runtime image.
# Build stage: uses the full SDK image to compile and publish the app
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /src
COPY . .
RUN dotnet publish -c Release -o /app

# Runtime stage: only the published output is copied in; the SDK is left behind
FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS runtime
WORKDIR /app
COPY --from=build /app .
ENTRYPOINT ["dotnet", "YourApp.dll"]
Build and run locally with Docker.
docker build -t myapp:latest .
docker run --rm -p 8080:80 myapp:latest
Production hardening: consider a hardened .NET Runtime image.
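The page stresses two properties for the final image: a runtime-only base and a non-root user. The following shell check audits the last stage of a Dockerfile for both. It is an added example, not Minimus or Microsoft code; the sample Dockerfiles are constructed for the demonstration, and the UID 10001 and the file names are assumptions.

```shell
#!/bin/sh
# Heuristic audit of the FINAL stage of a Dockerfile (added example).
# It reads FROM/USER lines only; it does not resolve ARGs or inspect the base image.

# audit_dockerfile FILE: prints one line per finding; exit status = finding count.
audit_dockerfile() {
    awk '
        # Every FROM opens a new stage; only the last stage becomes the image.
        toupper($1) == "FROM" {
            i = 2
            while ($i ~ /^--/) i++          # skip flags such as --platform=...
            base = $i; user = ""; next
        }
        toupper($1) == "USER" { user = $2 }
        END {
            n = 0
            if (base == "") { print "no FROM instruction found"; n++ }
            else if (base ~ "(^|/)sdk([:@]|$)") { print "final stage ships the SDK: " base; n++ }
            if (user == "") { print "final stage sets no USER (inherits the base image user)"; n++ }
            else if (user ~ "^(root|0)(:|$)") { print "final stage runs as root: USER " user; n++ }
            exit n
        }
    ' "$1"
}

# write_samples DIR: writes three constructed Dockerfiles into DIR.
write_samples() {
    # The two-stage layout from this page: runtime base, but no USER instruction.
    printf '%s\n' 'FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build' \
        'RUN dotnet publish -c Release -o /app' \
        'FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS runtime' \
        'COPY --from=build /app .' > "$1/page.Dockerfile"
    # Single stage: the SDK image itself is shipped, explicitly as root.
    printf '%s\n' 'FROM mcr.microsoft.com/dotnet/sdk:6.0' \
        'USER root' > "$1/single.Dockerfile"
    # Two stages plus an unprivileged numeric UID (10001 is an assumption).
    printf '%s\n' 'FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build' \
        'FROM --platform=linux/amd64 mcr.microsoft.com/dotnet/aspnet:6.0 AS runtime' \
        'USER 10001:10001' > "$1/nonroot.Dockerfile"
}

samples=$(mktemp -d)
write_samples "$samples"
for f in "$samples"/*.Dockerfile; do
    echo "== ${f##*/}"
    audit_dockerfile "$f" || true       # non-zero status only signals findings
done
rm -rf "$samples"
```

A missing USER is reported because the container then runs as whatever user the base image defaults to, so the finding is a prompt to confirm that default rather than proof of root.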