diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml index f06726724..e23df07b7 100644 --- a/.github/workflows/markdownlint.yml +++ b/.github/workflows/markdownlint.yml @@ -26,4 +26,4 @@ jobs: run: | echo "::add-matcher::.github/workflows/markdownlint-problem-matcher.json" npm i -g markdownlint-cli - markdownlint "**/*.md" + markdownlint "**/*.md" -i "eng/readme-templates/*" -i "eng/common/*" diff --git a/.markdownlint.json b/.markdownlint.json index 9857898f1..6f9caa707 100644 --- a/.markdownlint.json +++ b/.markdownlint.json @@ -6,27 +6,16 @@ // Follow-up work will be done to enable these rules and clean up the violations. "MD001": false, // heading-increment Heading levels should only increment by one level at a time "MD004": false, // ul-style Unordered list style - "MD005": false, // list-indent Inconsistent indentation for list items at the same level - "MD007": false, // ul-indent Unordered list indentation - "MD009": false, // no-trailing-spaces Trailing spaces - "MD010": false, // no-hard-tabs Hard tabs - "MD011": false, // no-reversed-links Reversed link syntax - "MD012": false, // no-multiple-blanks Multiple consecutive blank lines "MD013": false, // line length "MD014": false, // commands-show-output Dollar signs used before commands without showing output "MD022": false, // blanks-around-headings Headings should be surrounded by blank lines "MD024": false, // no-duplicate-heading Multiple headings with the same content "MD025": false, // single-title/single-h1 Multiple top-level headings in the same document - "MD026": false, // no-trailing-punctuation Trailing punctuation in heading "MD028": false, // no-blanks-blockquote Blank line inside blockquote - "MD031": false, // blanks-around-fences Fenced code blocks should be surrounded by blank lines - "MD032": false, // blanks-around-lists Lists should be surrounded by blank lines "MD034": false, // no-bare-urls Bare URL used "MD036": false, // no-emphasis-as-heading Emphasis used instead of a heading "MD037": false, // no-space-in-emphasis Spaces inside emphasis markers "MD040": false, // fenced-code-language Fenced code blocks should have a language specified "MD041": false, // first-line-heading/first-line-h1 First line in a file should be a top-level heading - "MD047": false, // single-trailing-newline Files should end with a single newline character "MD049": false, // emphasis-style Emphasis style - "MD051": false, // link-fragments Link fragments should be valid } diff --git a/.portal-docs/docker-hub/README.aspire-dashboard.md b/.portal-docs/docker-hub/README.aspire-dashboard.md index 439aaa646..44ce206bb 100644 --- a/.portal-docs/docker-hub/README.aspire-dashboard.md +++ b/.portal-docs/docker-hub/README.aspire-dashboard.md @@ -23,9 +23,9 @@ The dashboard shows: The dashboard must be configured when it is started. The configuration is done via environment variables. The following environment variables are supported: -- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to http://localhost:18888. -- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to http://localhost:18889. -- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to http://localhost:18890. +- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to `http://localhost:18888`. +- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to `http://localhost:18889`. +- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to `http://localhost:18890`. - `DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS` specifies the dashboard doesn't use authentication and accepts anonymous access. This setting is a shortcut to configuring `Dashboard:Frontend:AuthMode` and `Dashboard:Otlp:AuthMode` to `Unsecured`. - `DOTNET_DASHBOARD_CONFIG_FILE_PATH` specifies the path for an optional JSON configuration file. @@ -126,6 +126,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.aspnet.md b/.portal-docs/docker-hub/README.aspnet.md index 955b2781e..1859fe2cc 100644 --- a/.portal-docs/docker-hub/README.aspnet.md +++ b/.portal-docs/docker-hub/README.aspnet.md @@ -87,6 +87,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.md b/.portal-docs/docker-hub/README.md index 88b2f51a8..ba50349f2 100644 --- a/.portal-docs/docker-hub/README.md +++ b/.portal-docs/docker-hub/README.md @@ -21,8 +21,8 @@ You can use C# or F# to write .NET apps. -- [C#](https://docs.microsoft.com/dotnet/csharp/) is powerful, type-safe, and object-oriented while retaining the expressiveness and elegance of C-style languages. Anyone familiar with C and similar languages will find it straightforward to write in C#. -- [F#](https://docs.microsoft.com/dotnet/fsharp/) is a cross-platform, open-source, functional programming language for .NET. It also includes object-oriented and imperative programming. +* [C#](https://docs.microsoft.com/dotnet/csharp/) is powerful, type-safe, and object-oriented while retaining the expressiveness and elegance of C-style languages. Anyone familiar with C and similar languages will find it straightforward to write in C#. +* [F#](https://docs.microsoft.com/dotnet/fsharp/) is a cross-platform, open-source, functional programming language for .NET. It also includes object-oriented and imperative programming. [.NET](https://github.com/dotnet/core) is open source (MIT and Apache 2 licenses) and was contributed to the [.NET Foundation](http://dotnetfoundation.org) by Microsoft in 2014. It can be freely adopted by individuals and companies, including for personal, academic or commercial purposes. Multiple companies use .NET as part of apps, tools, new platforms and hosting services. diff --git a/.portal-docs/docker-hub/README.monitor-base.md b/.portal-docs/docker-hub/README.monitor-base.md index f431d4389..4a4ca8042 100644 --- a/.portal-docs/docker-hub/README.monitor-base.md +++ b/.portal-docs/docker-hub/README.monitor-base.md @@ -69,6 +69,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.monitor.md b/.portal-docs/docker-hub/README.monitor.md index 4e85d11f4..da3e98549 100644 --- a/.portal-docs/docker-hub/README.monitor.md +++ b/.portal-docs/docker-hub/README.monitor.md @@ -70,6 +70,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.runtime-deps.md b/.portal-docs/docker-hub/README.runtime-deps.md index 94a874217..2205910cf 100644 --- a/.portal-docs/docker-hub/README.runtime-deps.md +++ b/.portal-docs/docker-hub/README.runtime-deps.md @@ -68,6 +68,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.runtime.md b/.portal-docs/docker-hub/README.runtime.md index 94299a131..88c07cdca 100644 --- a/.portal-docs/docker-hub/README.runtime.md +++ b/.portal-docs/docker-hub/README.runtime.md @@ -76,6 +76,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.samples.md b/.portal-docs/docker-hub/README.samples.md index 599ea4a47..1c984c049 100644 --- a/.portal-docs/docker-hub/README.samples.md +++ b/.portal-docs/docker-hub/README.samples.md @@ -95,6 +95,7 @@ These sample images are not intended for production use and may be subject to br ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.sdk.md b/.portal-docs/docker-hub/README.sdk.md index b517aa918..bf0a97013 100644 --- a/.portal-docs/docker-hub/README.sdk.md +++ b/.portal-docs/docker-hub/README.sdk.md @@ -78,6 +78,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.aspire-dashboard.portal.md b/.portal-docs/mar/README.aspire-dashboard.portal.md index 0798e2d84..d192b5644 100644 --- a/.portal-docs/mar/README.aspire-dashboard.portal.md +++ b/.portal-docs/mar/README.aspire-dashboard.portal.md @@ -41,9 +41,9 @@ The dashboard shows: The dashboard must be configured when it is started. The configuration is done via environment variables. The following environment variables are supported: -- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to http://localhost:18888. -- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to http://localhost:18889. -- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to http://localhost:18890. +- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to `http://localhost:18888`. +- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to `http://localhost:18889`. +- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to `http://localhost:18890`. - `DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS` specifies the dashboard doesn't use authentication and accepts anonymous access. This setting is a shortcut to configuring `Dashboard:Frontend:AuthMode` and `Dashboard:Otlp:AuthMode` to `Unsecured`. - `DOTNET_DASHBOARD_CONFIG_FILE_PATH` specifies the path for an optional JSON configuration file. @@ -122,6 +122,7 @@ Limits are per-resource. For example, a `MaxLogCount` value of 10,000 configures #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.aspnet.portal.md b/.portal-docs/mar/README.aspnet.portal.md index a655cb7d7..b5bb50c1d 100644 --- a/.portal-docs/mar/README.aspnet.portal.md +++ b/.portal-docs/mar/README.aspnet.portal.md @@ -83,6 +83,7 @@ The [Image Variants documentation](https://github.com/dotnet/dotnet-docker/blob/ #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.monitor-base.portal.md b/.portal-docs/mar/README.monitor-base.portal.md index ae69a6187..e257c4aa7 100644 --- a/.portal-docs/mar/README.monitor-base.portal.md +++ b/.portal-docs/mar/README.monitor-base.portal.md @@ -65,6 +65,7 @@ The following Dockerfiles demonstrate how you can use this base image to build a #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.monitor.portal.md b/.portal-docs/mar/README.monitor.portal.md index 19a9a0cb4..c8a7bc8a6 100644 --- a/.portal-docs/mar/README.monitor.portal.md +++ b/.portal-docs/mar/README.monitor.portal.md @@ -66,6 +66,7 @@ See the [documentation](https://go.microsoft.com/fwlink/?linkid=2158052) for how #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.runtime-deps.portal.md b/.portal-docs/mar/README.runtime-deps.portal.md index 122de74fd..f92e11a81 100644 --- a/.portal-docs/mar/README.runtime-deps.portal.md +++ b/.portal-docs/mar/README.runtime-deps.portal.md @@ -64,6 +64,7 @@ The [Image Variants documentation](https://github.com/dotnet/dotnet-docker/blob/ #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.runtime.portal.md b/.portal-docs/mar/README.runtime.portal.md index d6ce87494..f0f605551 100644 --- a/.portal-docs/mar/README.runtime.portal.md +++ b/.portal-docs/mar/README.runtime.portal.md @@ -72,6 +72,7 @@ The [Image Variants documentation](https://github.com/dotnet/dotnet-docker/blob/ #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.samples.portal.md b/.portal-docs/mar/README.samples.portal.md index 94f9e539c..75278aa37 100644 --- a/.portal-docs/mar/README.samples.portal.md +++ b/.portal-docs/mar/README.samples.portal.md @@ -91,6 +91,7 @@ These sample images are not intended for production use and may be subject to br #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.sdk.portal.md b/.portal-docs/mar/README.sdk.portal.md index 016b047a7..0d29aadba 100644 --- a/.portal-docs/mar/README.sdk.portal.md +++ b/.portal-docs/mar/README.sdk.portal.md @@ -74,6 +74,7 @@ The [Image Variants documentation](https://github.com/dotnet/dotnet-docker/blob/ #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b7314be68..8e2a2682e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -12,7 +12,7 @@ Please keep in mind that the GitHub issue tracker is intended for reporting **no If you're reporting the presence of a disclosed security vulnerability, such as a CVE reported in one of our container images, please follow our documented [guidance on vulnerability reporting](https://github.com/dotnet/dotnet-docker/blob/main/documentation/vulnerability-reporting.md). -If you believe you have an issue that affects the security of .NET, please do NOT create an issue and instead email your issue details to secure@microsoft.com. +If you believe you have an issue that affects the security of .NET, please do NOT create an issue and instead email your issue details to . Your report may be eligible for our [bug bounty](https://www.microsoft.com/en-us/msrc/bounty-dot-net-core), but ONLY if it is reported through email. ## Bugs and Feature Requests @@ -27,7 +27,7 @@ We triage issues and decide which issues to prioritize on a weekly basis, so if ## How to Submit a PR -### Before you write code... +### Before you write code Please consider opening a feature request. We are happy to accept community contributions - however, until we discuss your specifc ideas and features as a team, we can't guarantee that we will accept all community PRs. diff --git a/README.aspire-dashboard.md b/README.aspire-dashboard.md index 3ccae77e6..4dce2ce48 100644 --- a/README.aspire-dashboard.md +++ b/README.aspire-dashboard.md @@ -23,9 +23,9 @@ The dashboard shows: The dashboard must be configured when it is started. The configuration is done via environment variables. The following environment variables are supported: -- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to http://localhost:18888. -- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to http://localhost:18889. -- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to http://localhost:18890. +- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to `http://localhost:18888`. +- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to `http://localhost:18889`. +- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to `http://localhost:18890`. - `DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS` specifies the dashboard doesn't use authentication and accepts anonymous access. This setting is a shortcut to configuring `Dashboard:Frontend:AuthMode` and `Dashboard:Otlp:AuthMode` to `Unsecured`. - `DOTNET_DASHBOARD_CONFIG_FILE_PATH` specifies the path for an optional JSON configuration file. @@ -139,6 +139,7 @@ You can retrieve a list of all available tags for dotnet/aspire-dashboard at htt ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.aspnet.md b/README.aspnet.md index edcaf86c0..b3af3b3f1 100644 --- a/README.aspnet.md +++ b/README.aspnet.md @@ -272,6 +272,7 @@ For tags contained in the old dotnet/core/aspnet repository, you can retrieve a ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.md b/README.md index 5ea521e5e..9b43bda55 100644 --- a/README.md +++ b/README.md @@ -16,8 +16,8 @@ You can use C# or F# to write .NET apps. -- [C#](https://docs.microsoft.com/dotnet/csharp/) is powerful, type-safe, and object-oriented while retaining the expressiveness and elegance of C-style languages. Anyone familiar with C and similar languages will find it straightforward to write in C#. -- [F#](https://docs.microsoft.com/dotnet/fsharp/) is a cross-platform, open-source, functional programming language for .NET. It also includes object-oriented and imperative programming. +* [C#](https://docs.microsoft.com/dotnet/csharp/) is powerful, type-safe, and object-oriented while retaining the expressiveness and elegance of C-style languages. Anyone familiar with C and similar languages will find it straightforward to write in C#. +* [F#](https://docs.microsoft.com/dotnet/fsharp/) is a cross-platform, open-source, functional programming language for .NET. It also includes object-oriented and imperative programming. [.NET](https://github.com/dotnet/core) is open source (MIT and Apache 2 licenses) and was contributed to the [.NET Foundation](http://dotnetfoundation.org) by Microsoft in 2014. It can be freely adopted by individuals and companies, including for personal, academic or commercial purposes. Multiple companies use .NET as part of apps, tools, new platforms and hosting services. @@ -102,6 +102,7 @@ The [Image Variants documentation](https://github.com/dotnet/dotnet-docker/blob/ ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.monitor-base.md b/README.monitor-base.md index 7a7f1e3e8..47508de31 100644 --- a/README.monitor-base.md +++ b/README.monitor-base.md @@ -94,6 +94,7 @@ You can retrieve a list of all available tags for dotnet/monitor/base at https:/ ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.monitor.md b/README.monitor.md index db965b3ab..48cdc94b9 100644 --- a/README.monitor.md +++ b/README.monitor.md @@ -103,6 +103,7 @@ You can retrieve a list of all available tags for dotnet/monitor at https://mcr. ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.runtime-deps.md b/README.runtime-deps.md index 2ebe2e451..b3a546cb3 100644 --- a/README.runtime-deps.md +++ b/README.runtime-deps.md @@ -185,6 +185,7 @@ For tags contained in the old dotnet/core/runtime-deps repository, you can retri ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.runtime.md b/README.runtime.md index 77c6cc0b5..2e4c823f8 100644 --- a/README.runtime.md +++ b/README.runtime.md @@ -228,6 +228,7 @@ For tags contained in the old dotnet/core/runtime repository, you can retrieve a ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.samples.md b/README.samples.md index f16723134..dfec42f11 100644 --- a/README.samples.md +++ b/README.samples.md @@ -136,6 +136,7 @@ These sample images are not intended for production use and may be subject to br ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.sdk.md b/README.sdk.md index 5cad73060..0de50b72a 100644 --- a/README.sdk.md +++ b/README.sdk.md @@ -198,6 +198,7 @@ For tags contained in the old dotnet/core/sdk repository, you can retrieve a lis ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/SECURITY.md b/SECURITY.md index 65c85cb0b..aec7ca223 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -15,4 +15,3 @@ Reports via MSRC may qualify for the .NET Core Bug Bounty. Details of the .NET C Please do not open issues for anything you think might have a security implication. If you're reporting the presence of a disclosed security vulnerability, such as a CVE reported in one of our container images, please follow the documented guidance on vulnerability reporting in [vulnerability-reporting.md](https://github.com/dotnet/dotnet-docker/blob/main/documentation/vulnerability-reporting.md). - diff --git a/documentation/azurelinux.md b/documentation/azurelinux.md index e0f125f4d..78ae9218d 100644 --- a/documentation/azurelinux.md +++ b/documentation/azurelinux.md @@ -18,20 +18,20 @@ General distroless .NET containers documentation is available [here](./distroles Azure Linux distroless .NET images are available for all supported .NET versions in the following image repos: -- [`mcr.microsoft.com/dotnet/runtime`](../README.runtime.md) -- [`mcr.microsoft.com/dotnet/aspnet`](../README.aspnet.md) -- [`mcr.microsoft.com/dotnet/runtime-deps`](../README.runtime-deps.md) (for self-contained or AOT apps) +* [`mcr.microsoft.com/dotnet/runtime`](../README.runtime.md) +* [`mcr.microsoft.com/dotnet/aspnet`](../README.aspnet.md) +* [`mcr.microsoft.com/dotnet/runtime-deps`](../README.runtime-deps.md) (for self-contained or AOT apps) You can use the following image tags: -- `8.0-cbl-mariner2.0-distroless` -- `6.0-cbl-mariner2.0-distroless` +* `8.0-cbl-mariner2.0-distroless` +* `6.0-cbl-mariner2.0-distroless` ### Installing Additional Packages If your app requires additional packages besides `icu` and `tzdata`, you can follow the same pattern that .NET uses to install the .NET runtime dependencies. -#### Azure Linux 3.0 (Preview): +#### Azure Linux 3.0 (Preview) ```Dockerfile FROM mcr.microsoft.com/dotnet/nightly/aspnet:8.0-azurelinux3.0-distroless AS base @@ -82,7 +82,7 @@ FROM base COPY --from=installer /staging2/ / ``` -#### Azure Linux 2.0: +#### Azure Linux 2.0 ```Dockerfile FROM mcr.microsoft.com/dotnet/aspnet:6.0-cbl-mariner2.0-distroless AS base @@ -141,7 +141,7 @@ The easiest way to enable local Visual Studio debugging while not modifying the To enable Container Fast Mode debugging without affecting your app's production image, you can create a new stage based off the `base` stage (called `debug` in the example) that contains the debugging tools, and then point the VS Fast Mode tools to that debug stage. -Here's an example chart showing the inheritance of the build stages: +Here's an example chart showing the inheritance of the build stages: ```mermaid flowchart TD @@ -153,6 +153,7 @@ flowchart TD Here's an example configuration based off of a simple ASP.NET Core app: **.csproj** + ```diff ... @@ -162,6 +163,7 @@ Here's an example configuration based off of a simple ASP.NET Core app: ``` **Dockerfile** + ```diff # Learn about building .NET container images: # https://github.com/dotnet/dotnet-docker/blob/main/samples/README.md diff --git a/documentation/distroless.md b/documentation/distroless.md index e466e40a7..10a93283a 100644 --- a/documentation/distroless.md +++ b/documentation/distroless.md @@ -12,6 +12,7 @@ They contain the following features: We offer distroless .NET images for two operating systems: [Ubuntu Chiseled](./ubuntu-chiseled.md) and [Azure Linux](./azurelinux.md). .NET distroless images are available for the following image repos: + - [`mcr.microsoft.com/dotnet/runtime`](../README.runtime.md) - [`mcr.microsoft.com/dotnet/aspnet`](../README.aspnet.md) - [`mcr.microsoft.com/dotnet/runtime-deps`](../README.runtime-deps.md) (for self-contained or AOT apps) diff --git a/documentation/image-variants.md b/documentation/image-variants.md index efb6029d5..bf4e3cf8a 100644 --- a/documentation/image-variants.md +++ b/documentation/image-variants.md @@ -6,7 +6,7 @@ As of .NET 8, we also guarantee these images include time zone information (e.g. `tzdata` in Linux). These images are intended to satisfy the most common use cases of .NET developers. -Alpine and [Ubuntu Chiseled](#ubuntu-chiseled-net-60) .NET images are focused on size. +Alpine and [Ubuntu Chiseled](./ubuntu-chiseled.md) .NET images are focused on size. By default, these images do not include `icu` or `tzdata`, meaning that these images only work with apps that are configured for [globalization-invariant mode](https://learn.microsoft.com/dotnet/core/runtime-config/globalization). Apps that require globalization support can use the `extra` image variant of the [dotnet/runtime-deps](https://hub.docker.com/_/microsoft-dotnet-runtime-deps/) images. Because this is only available with `runtime-deps` images, it requires a [self-contained deployment](https://learn.microsoft.com/dotnet/core/deploying/#publish-self-contained) of the application. Alpine, Azure Linux, and Ubuntu Chiseled images also come in `extra`, `composite`, and `aot` variants (see below). diff --git a/documentation/supported-tags.md b/documentation/supported-tags.md index 22a1051a8..8c4c58d73 100644 --- a/documentation/supported-tags.md +++ b/documentation/supported-tags.md @@ -55,6 +55,7 @@ They include: **Note:** Since .NET 8, these multi-platform tags **specifically exclude all Windows versions** due to `containerd`'s platform matching algorithm for Windows hosts. Please see [#4492 (Switch multi-platform tags to Linux only)](https://github.com/dotnet/dotnet-docker/issues/4492) for more context. If you are using Windows, you will need to explicitly specify an OS Version with a single-platform tag like so: + ```Dockerfile FROM mcr.microsoft.com/dotnet/sdk:8.0-nanoserver-ltsc2022 FROM mcr.microsoft.com/dotnet/sdk:8.0-nanoserver-1809 diff --git a/documentation/ubuntu-chiseled.md b/documentation/ubuntu-chiseled.md index 6566ea295..b63b77a13 100644 --- a/documentation/ubuntu-chiseled.md +++ b/documentation/ubuntu-chiseled.md @@ -24,6 +24,7 @@ If you have a compelling use case for a distroless SDK image, please leave a com ## How do I use Ubuntu Chiseled .NET images? Please see our sample Dockerfiles for examples on how to use Ubuntu Chiseled .NET images: + - [aspnetapp](../samples/aspnetapp/Dockerfile.chiseled) - [dotnetapp](../samples/dotnetapp/Dockerfile.chiseled) - [releasesapi](../samples/releasesapi/Dockerfile.ubuntu-chiseled) (and [icu version](../samples/releasesapi/Dockerfile.ubuntu-chiseled-icu)) diff --git a/eng/readme-templates/About.product-family.md b/eng/readme-templates/About.product-family.md index 1d8a1e1fa..deedd915f 100644 --- a/eng/readme-templates/About.product-family.md +++ b/eng/readme-templates/About.product-family.md @@ -4,8 +4,8 @@ You can use C# or F# to write .NET apps. -- [C#](https://docs.microsoft.com/dotnet/csharp/) is powerful, type-safe, and object-oriented while retaining the expressiveness and elegance of C-style languages. Anyone familiar with C and similar languages will find it straightforward to write in C#. -- [F#](https://docs.microsoft.com/dotnet/fsharp/) is a cross-platform, open-source, functional programming language for .NET. It also includes object-oriented and imperative programming. +* [C#](https://docs.microsoft.com/dotnet/csharp/) is powerful, type-safe, and object-oriented while retaining the expressiveness and elegance of C-style languages. Anyone familiar with C and similar languages will find it straightforward to write in C#. +* [F#](https://docs.microsoft.com/dotnet/fsharp/) is a cross-platform, open-source, functional programming language for .NET. It also includes object-oriented and imperative programming. [.NET](https://github.com/dotnet/core) is open source (MIT and Apache 2 licenses) and was contributed to the [.NET Foundation](http://dotnetfoundation.org) by Microsoft in 2014. It can be freely adopted by individuals and companies, including for personal, academic or commercial purposes. Multiple companies use .NET as part of apps, tools, new platforms and hosting services. diff --git a/eng/readme-templates/Support.md b/eng/readme-templates/Support.md index 141ffe57a..21d13a2f8 100644 --- a/eng/readme-templates/Support.md +++ b/eng/readme-templates/Support.md @@ -26,6 +26,7 @@ {{ARGS["top-header"]}}## CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/eng/readme-templates/Use.aspire-dashboard.md b/eng/readme-templates/Use.aspire-dashboard.md index 962ebb1fa..7f37e6d6b 100644 --- a/eng/readme-templates/Use.aspire-dashboard.md +++ b/eng/readme-templates/Use.aspire-dashboard.md @@ -14,9 +14,9 @@ The dashboard shows: The dashboard must be configured when it is started. The configuration is done via environment variables. The following environment variables are supported: -- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to http://localhost:18888. -- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to http://localhost:18889. -- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to http://localhost:18890. +- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to `http://localhost:18888`. +- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to `http://localhost:18889`. +- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to `http://localhost:18890`. - `DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS` specifies the dashboard doesn't use authentication and accepts anonymous access. This setting is a shortcut to configuring `Dashboard:Frontend:AuthMode` and `Dashboard:Otlp:AuthMode` to `Unsecured`. - `DOTNET_DASHBOARD_CONFIG_FILE_PATH` specifies the path for an optional JSON configuration file. diff --git a/samples/build-for-a-platform.md b/samples/build-for-a-platform.md index 7f263b447..87d617ec3 100644 --- a/samples/build-for-a-platform.md +++ b/samples/build-for-a-platform.md @@ -87,4 +87,4 @@ Docker Desktop uses [QEMU](https://www.qemu.org/) for emulation, for example run As a result, we need a reliable pattern that can produce multiple variants of images on one machine, but that doesn't use emulation. That's what this document describes. -Context: https://gitlab.com/qemu-project/qemu/-/issues/249 +Context: https://gitlab.com/qemu-project/qemu/-/issues/249 diff --git a/samples/build-in-sdk-container.md b/samples/build-in-sdk-container.md index 6e7cd47b8..a34a0ac21 100644 --- a/samples/build-in-sdk-container.md +++ b/samples/build-in-sdk-container.md @@ -41,8 +41,8 @@ You can see the built binaries with the following command: ```console % ls out -dotnetapp dotnetapp.pdb -dotnetapp.deps.json dotnetapp.runtimeconfig.json +dotnetapp dotnetapp.pdb +dotnetapp.deps.json dotnetapp.runtimeconfig.json dotnetapp.dll ``` @@ -114,8 +114,8 @@ You can see the built binaries with the following command: ```console > ls ~/dotnetapp -dotnetapp dotnetapp.pdb -dotnetapp.deps.json dotnetapp.runtimeconfig.json +dotnetapp dotnetapp.pdb +dotnetapp.deps.json dotnetapp.runtimeconfig.json dotnetapp.dll ``` diff --git a/samples/releasesapi/README.md b/samples/releasesapi/README.md index f3e3cadeb..cf26b2678 100644 --- a/samples/releasesapi/README.md +++ b/samples/releasesapi/README.md @@ -1,6 +1,6 @@ # Release Json Report API -This app demonstrates publishing an app as [native AOT](https://learn.microsoft.com/dotnet/core/deploying/native-aot/) in containers. +This app demonstrates publishing an app as [native AOT](https://learn.microsoft.com/dotnet/core/deploying/native-aot/) in containers. > Note: The base images used by this sample are in preview. @@ -22,7 +22,7 @@ It exposes two endpoints: ## App -The app is intended as a sort of compliance report for .NET. The report includes supported major releases and those recently out of support. It includes the latest and latest security patch versions for each of those major releases. +The app is intended as a sort of compliance report for .NET. The report includes supported major releases and those recently out of support. It includes the latest and latest security patch versions for each of those major releases. This same information is available from the [release JSON](https://github.com/dotnet/core/blob/main/release-notes/releases-index.json) files that the team maintains, but that requires a bit of code to provide the same report. diff --git a/samples/releasesapp/README.md b/samples/releasesapp/README.md index bc9ddd8a0..c1833fc8c 100644 --- a/samples/releasesapp/README.md +++ b/samples/releasesapp/README.md @@ -17,7 +17,7 @@ It will produce output similar to: https://gist.github.com/richlander/4701a33592 ## App -The app is intended as a sort of compliance report for .NET. The report includes supported major releases and those recently out of support. It includes the latest and latest security patch versions for each of those major releases. +The app is intended as a sort of compliance report for .NET. The report includes supported major releases and those recently out of support. It includes the latest and latest security patch versions for each of those major releases. This same information is available from the [release JSON](https://github.com/dotnet/core/blob/main/release-notes/releases-index.json) files that the team maintains, but that requires a bit of code to provide the same report. diff --git a/samples/run-aspnetcore-https-development.md b/samples/run-aspnetcore-https-development.md index ed0d965fc..e3b1f97f5 100644 --- a/samples/run-aspnetcore-https-development.md +++ b/samples/run-aspnetcore-https-development.md @@ -220,4 +220,3 @@ docker run --rm -it -p 8001:8001 -e ASPNETCORE_HTTPS_PORTS=8001 -e ASPNETCORE_EN After the application starts, navigate to `https://localhost:8001` in your web browser. > In the case of using https, be sure to check the certificate you're using is trusted on the host. You can start with navigating to https://localhost:8001 in the browser. If you're looking to test https with a domain name (e.g. https://contoso.com:8001), the certificate would also need the appropiate Subject Alternative Name included, and the DNS settings on the host would need to be updated. In the case of using the generated dev certificate, the trusted certificate will be issued from localhost and will not have the SAN added. -