Add the ability to include system libraries in self-contained dotnet project #9626

octocolby · 2025-10-08T23:28:38Z

octocolby
Oct 8, 2025

Description

When I publish a dotnet project using dotnet publish --self-contained true it will include some system libraries as dll files in the published directory. Trivy is filtering out these packages for non self-contained packages but there should be support for including these when they are packaged as self-contained.

This has previously been discussed here: #7039
The solution at the time was to simply ignore these dependencies but I believe there is a solution for self-contained packages that could be added.

I created a sample dotnet project, added one library YamlDotNet and published it as self-contained. Here is the generated deps.json.

{
  "runtimeTarget": {
    "name": ".NETCoreApp,Version=v9.0/osx-arm64",
    "signature": ""
  },
  "compilationOptions": {},
  "targets": {
    ".NETCoreApp,Version=v9.0": {},
    ".NETCoreApp,Version=v9.0/osx-arm64": {
      "selfcontained/1.0.0": {
        "dependencies": {
          "YamlDotNet": "16.3.0",
          "runtimepack.Microsoft.NETCore.App.Runtime.osx-arm64": "9.0.1"
        },
        "runtime": {
          "selfcontained.dll": {}
        }
      },
      "runtimepack.Microsoft.NETCore.App.Runtime.osx-arm64/9.0.1": {
        "runtime": {
          "Microsoft.CSharp.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "Microsoft.VisualBasic.Core.dll": {
            "assemblyVersion": "14.0.0.0",
            "fileVersion": "14.0.124.61010"
          },
          "Microsoft.VisualBasic.dll": {
            "assemblyVersion": "10.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "Microsoft.Win32.Primitives.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "Microsoft.Win32.Registry.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.AppContext.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Buffers.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Collections.Concurrent.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Collections.Immutable.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Collections.NonGeneric.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Collections.Specialized.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Collections.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.ComponentModel.Annotations.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.ComponentModel.DataAnnotations.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.ComponentModel.EventBasedAsync.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.ComponentModel.Primitives.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.ComponentModel.TypeConverter.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.ComponentModel.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Configuration.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Console.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Core.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Data.Common.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Data.DataSetExtensions.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Data.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Diagnostics.Contracts.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Diagnostics.Debug.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Diagnostics.DiagnosticSource.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Diagnostics.FileVersionInfo.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Diagnostics.Process.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Diagnostics.StackTrace.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Diagnostics.TextWriterTraceListener.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Diagnostics.Tools.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Diagnostics.TraceSource.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Diagnostics.Tracing.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Drawing.Primitives.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Drawing.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Dynamic.Runtime.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Formats.Asn1.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Formats.Tar.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Globalization.Calendars.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Globalization.Extensions.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Globalization.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.Compression.Brotli.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.Compression.FileSystem.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.Compression.ZipFile.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.Compression.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.FileSystem.AccessControl.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.FileSystem.DriveInfo.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.FileSystem.Primitives.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.FileSystem.Watcher.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.FileSystem.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.IsolatedStorage.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.MemoryMappedFiles.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.Pipelines.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.Pipes.AccessControl.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.Pipes.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.UnmanagedMemoryStream.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.IO.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Linq.Expressions.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Linq.Parallel.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Linq.Queryable.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Linq.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Memory.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.Http.Json.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.Http.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.HttpListener.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.Mail.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.NameResolution.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.NetworkInformation.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.Ping.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.Primitives.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.Quic.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.Requests.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.Security.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.ServicePoint.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.Sockets.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.WebClient.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.WebHeaderCollection.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.WebProxy.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.WebSockets.Client.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.WebSockets.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Net.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Numerics.Vectors.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Numerics.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.ObjectModel.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Private.CoreLib.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Private.DataContractSerialization.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Private.Uri.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Private.Xml.Linq.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Private.Xml.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Reflection.DispatchProxy.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Reflection.Emit.ILGeneration.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Reflection.Emit.Lightweight.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Reflection.Emit.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Reflection.Extensions.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Reflection.Metadata.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Reflection.Primitives.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Reflection.TypeExtensions.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Reflection.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Resources.Reader.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Resources.ResourceManager.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Resources.Writer.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.CompilerServices.Unsafe.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.CompilerServices.VisualC.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.Extensions.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.Handles.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.InteropServices.JavaScript.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.InteropServices.RuntimeInformation.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.InteropServices.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.Intrinsics.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.Loader.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.Numerics.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.Serialization.Formatters.dll": {
            "assemblyVersion": "8.1.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.Serialization.Json.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.Serialization.Primitives.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.Serialization.Xml.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.Serialization.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Runtime.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.AccessControl.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.Claims.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.Cryptography.Algorithms.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.Cryptography.Cng.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.Cryptography.Csp.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.Cryptography.Encoding.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.Cryptography.OpenSsl.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.Cryptography.Primitives.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.Cryptography.X509Certificates.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.Cryptography.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.Principal.Windows.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.Principal.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.SecureString.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Security.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.ServiceModel.Web.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.ServiceProcess.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Text.Encoding.CodePages.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Text.Encoding.Extensions.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Text.Encoding.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Text.Encodings.Web.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Text.Json.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Text.RegularExpressions.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Threading.Channels.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Threading.Overlapped.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Threading.Tasks.Dataflow.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Threading.Tasks.Extensions.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Threading.Tasks.Parallel.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Threading.Tasks.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Threading.Thread.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Threading.ThreadPool.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Threading.Timer.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Threading.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Transactions.Local.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Transactions.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.ValueTuple.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Web.HttpUtility.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Web.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Windows.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Xml.Linq.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Xml.ReaderWriter.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Xml.Serialization.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Xml.XDocument.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Xml.XPath.XDocument.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Xml.XPath.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Xml.XmlDocument.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Xml.XmlSerializer.dll": {
            "assemblyVersion": "9.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.Xml.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "System.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "WindowsBase.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "mscorlib.dll": {
            "assemblyVersion": "4.0.0.0",
            "fileVersion": "9.0.124.61010"
          },
          "netstandard.dll": {
            "assemblyVersion": "2.1.0.0",
            "fileVersion": "9.0.124.61010"
          }
        },
        "native": {
          "createdump": {
            "fileVersion": "0.0.0.0"
          },
          "libSystem.Globalization.Native.dylib": {
            "fileVersion": "0.0.0.0"
          },
          "libSystem.IO.Compression.Native.dylib": {
            "fileVersion": "0.0.0.0"
          },
          "libSystem.Native.dylib": {
            "fileVersion": "0.0.0.0"
          },
          "libSystem.Net.Security.Native.dylib": {
            "fileVersion": "0.0.0.0"
          },
          "libSystem.Security.Cryptography.Native.Apple.dylib": {
            "fileVersion": "0.0.0.0"
          },
          "libSystem.Security.Cryptography.Native.OpenSsl.dylib": {
            "fileVersion": "0.0.0.0"
          },
          "libclrgc.dylib": {
            "fileVersion": "0.0.0.0"
          },
          "libclrgcexp.dylib": {
            "fileVersion": "0.0.0.0"
          },
          "libclrjit.dylib": {
            "fileVersion": "0.0.0.0"
          },
          "libcoreclr.dylib": {
            "fileVersion": "0.0.0.0"
          },
          "libhostfxr.dylib": {
            "fileVersion": "0.0.0.0"
          },
          "libhostpolicy.dylib": {
            "fileVersion": "0.0.0.0"
          },
          "libmscordaccore.dylib": {
            "fileVersion": "0.0.0.0"
          },
          "libmscordbi.dylib": {
            "fileVersion": "0.0.0.0"
          }
        }
      },
      "YamlDotNet/16.3.0": {
        "runtime": {
          "lib/net8.0/YamlDotNet.dll": {
            "assemblyVersion": "16.0.0.0",
            "fileVersion": "16.3.0.0"
          }
        }
      }
    }
  },
  "libraries": {
    "selfcontained/1.0.0": {
      "type": "project",
      "serviceable": false,
      "sha512": ""
    },
    "runtimepack.Microsoft.NETCore.App.Runtime.osx-arm64/9.0.1": {
      "type": "runtimepack",
      "serviceable": false,
      "sha512": ""
    },
    "YamlDotNet/16.3.0": {
      "type": "package",
      "serviceable": true,
      "sha512": "sha512-SgMOdxbz8X65z8hraIs6hOEdnkH6hESTAIUa7viEngHOYaH+6q5XJmwr1+yb9vJpNQ19hCQY69xbFsLtXpobQA==",
      "path": "yamldotnet/16.3.0",
      "hashPath": "yamldotnet.16.3.0.nupkg.sha512"
    }
  },
  "runtimes": {
    "osx-arm64": [
      "osx",
      "unix-arm64",
      "unix",
      "any",
      "base"
    ]
  }
}

Looking inside the publish directory, it's inuding these dll files:

ls publish/
createdump						System.Globalization.Extensions.dll			System.Runtime.Extensions.dll
libclrgc.dylib						System.IO.Compression.Brotli.dll			System.Runtime.Handles.dll
libclrgcexp.dylib					System.IO.Compression.dll				System.Runtime.InteropServices.dll
libclrjit.dylib						System.IO.Compression.FileSystem.dll			System.Runtime.InteropServices.JavaScript.dll
libcoreclr.dylib					System.IO.Compression.ZipFile.dll			System.Runtime.InteropServices.RuntimeInformation.dll
libhostfxr.dylib					System.IO.dll						System.Runtime.Intrinsics.dll
libhostpolicy.dylib					System.IO.FileSystem.AccessControl.dll			System.Runtime.Loader.dll
libmscordaccore.dylib					System.IO.FileSystem.dll				System.Runtime.Numerics.dll
libmscordbi.dylib					System.IO.FileSystem.DriveInfo.dll			System.Runtime.Serialization.dll
libSystem.Globalization.Native.dylib			System.IO.FileSystem.Primitives.dll			System.Runtime.Serialization.Formatters.dll
libSystem.IO.Compression.Native.dylib			System.IO.FileSystem.Watcher.dll			System.Runtime.Serialization.Json.dll
libSystem.Native.dylib					System.IO.IsolatedStorage.dll				System.Runtime.Serialization.Primitives.dll
libSystem.Net.Security.Native.dylib			System.IO.MemoryMappedFiles.dll				System.Runtime.Serialization.Xml.dll
libSystem.Security.Cryptography.Native.Apple.dylib	System.IO.Pipelines.dll					System.Security.AccessControl.dll
libSystem.Security.Cryptography.Native.OpenSsl.dylib	System.IO.Pipes.AccessControl.dll			System.Security.Claims.dll
Microsoft.CSharp.dll					System.IO.Pipes.dll					System.Security.Cryptography.Algorithms.dll
Microsoft.VisualBasic.Core.dll				System.IO.UnmanagedMemoryStream.dll			System.Security.Cryptography.Cng.dll
Microsoft.VisualBasic.dll				System.Linq.dll						System.Security.Cryptography.Csp.dll
Microsoft.Win32.Primitives.dll				System.Linq.Expressions.dll				System.Security.Cryptography.dll
Microsoft.Win32.Registry.dll				System.Linq.Parallel.dll				System.Security.Cryptography.Encoding.dll
mscorlib.dll						System.Linq.Queryable.dll				System.Security.Cryptography.OpenSsl.dll
netstandard.dll						System.Memory.dll					System.Security.Cryptography.Primitives.dll
selfcontained						System.Net.dll						System.Security.Cryptography.X509Certificates.dll
selfcontained.deps.json					System.Net.Http.dll					System.Security.dll
selfcontained.dll					System.Net.Http.Json.dll				System.Security.Principal.dll
selfcontained.pdb					System.Net.HttpListener.dll				System.Security.Principal.Windows.dll
selfcontained.runtimeconfig.json			System.Net.Mail.dll					System.Security.SecureString.dll
System.AppContext.dll					System.Net.NameResolution.dll				System.ServiceModel.Web.dll
System.Buffers.dll					System.Net.NetworkInformation.dll			System.ServiceProcess.dll
System.Collections.Concurrent.dll			System.Net.Ping.dll					System.Text.Encoding.CodePages.dll
System.Collections.dll					System.Net.Primitives.dll				System.Text.Encoding.dll
System.Collections.Immutable.dll			System.Net.Quic.dll					System.Text.Encoding.Extensions.dll
System.Collections.NonGeneric.dll			System.Net.Requests.dll					System.Text.Encodings.Web.dll
System.Collections.Specialized.dll			System.Net.Security.dll					System.Text.Json.dll
System.ComponentModel.Annotations.dll			System.Net.ServicePoint.dll				System.Text.RegularExpressions.dll
System.ComponentModel.DataAnnotations.dll		System.Net.Sockets.dll					System.Threading.Channels.dll
System.ComponentModel.dll				System.Net.WebClient.dll				System.Threading.dll
System.ComponentModel.EventBasedAsync.dll		System.Net.WebHeaderCollection.dll			System.Threading.Overlapped.dll
System.ComponentModel.Primitives.dll			System.Net.WebProxy.dll					System.Threading.Tasks.Dataflow.dll
System.ComponentModel.TypeConverter.dll			System.Net.WebSockets.Client.dll			System.Threading.Tasks.dll
System.Configuration.dll				System.Net.WebSockets.dll				System.Threading.Tasks.Extensions.dll
System.Console.dll					System.Numerics.dll					System.Threading.Tasks.Parallel.dll
System.Core.dll						System.Numerics.Vectors.dll				System.Threading.Thread.dll
System.Data.Common.dll					System.ObjectModel.dll					System.Threading.ThreadPool.dll
System.Data.DataSetExtensions.dll			System.Private.CoreLib.dll				System.Threading.Timer.dll
System.Data.dll						System.Private.DataContractSerialization.dll		System.Transactions.dll
System.Diagnostics.Contracts.dll			System.Private.Uri.dll					System.Transactions.Local.dll
System.Diagnostics.Debug.dll				System.Private.Xml.dll					System.ValueTuple.dll
System.Diagnostics.DiagnosticSource.dll			System.Private.Xml.Linq.dll				System.Web.dll
System.Diagnostics.FileVersionInfo.dll			System.Reflection.DispatchProxy.dll			System.Web.HttpUtility.dll
System.Diagnostics.Process.dll				System.Reflection.dll					System.Windows.dll
System.Diagnostics.StackTrace.dll			System.Reflection.Emit.dll				System.Xml.dll
System.Diagnostics.TextWriterTraceListener.dll		System.Reflection.Emit.ILGeneration.dll			System.Xml.Linq.dll
System.Diagnostics.Tools.dll				System.Reflection.Emit.Lightweight.dll			System.Xml.ReaderWriter.dll
System.Diagnostics.TraceSource.dll			System.Reflection.Extensions.dll			System.Xml.Serialization.dll
System.Diagnostics.Tracing.dll				System.Reflection.Metadata.dll				System.Xml.XDocument.dll
System.dll						System.Reflection.Primitives.dll			System.Xml.XmlDocument.dll
System.Drawing.dll					System.Reflection.TypeExtensions.dll			System.Xml.XmlSerializer.dll
System.Drawing.Primitives.dll				System.Resources.Reader.dll				System.Xml.XPath.dll
System.Dynamic.Runtime.dll				System.Resources.ResourceManager.dll			System.Xml.XPath.XDocument.dll
System.Formats.Asn1.dll					System.Resources.Writer.dll				WindowsBase.dll
System.Formats.Tar.dll					System.Runtime.CompilerServices.Unsafe.dll		YamlDotNet.dll
System.Globalization.Calendars.dll			System.Runtime.CompilerServices.VisualC.dll
System.Globalization.dll				System.Runtime.dll

Using powershell I can get the version of the dll files. The FileVersion here matches the fileVersion in the deps.json under targets.runtimepack.Microsoft.NETCore.App.Runtime.osx-arm64/9.0.1.runtime.

(Get-Item ./publish/Microsoft.CSharp.dll).VersionInfo

ProductVersion   FileVersion      FileName
--------------   -----------      --------
9.0.1+c8acea226… 9.0.124.61010    /Users/colby/od/trivy/test/selfcontained/publish/Microsoft.CSharp.dll

I am able to determine the package is self contained if a type: runtimepack exists under the libraries section in the deps.json file. Using this information Trivy could find the exact version of dll files packaged when the project is published as self-contained.

Target

SBOM

Scanner

None

octocolby · 2025-10-08T23:46:04Z

octocolby
Oct 8, 2025
Author

I have made an attempt at adding this feature myself here: #9627

0 replies

DmitriyLewen · 2025-11-03T12:30:37Z

DmitriyLewen
Nov 3, 2025
Maintainer

Hi! Sorry for the late reply.
I’ve thought about your suggestion and I’m not sure that the approach from #9627 would be the right one.

Correct me if I’m wrong:

To run a “regular” application, a compatible .NET Runtime must be installed on the machine.
The application then uses system libraries from that runtime (with versions matching the installed .NET Runtime).

That means if I build a deps.json file, then update the .NET Runtime and build it again —
the system libraries might have different versions.

That’s not ideal:
• The reproducibility of the SBOM decreases (on different machines and with different .NET Runtime versions).
• It may confuse users (I’m not sure all of them need to know which versions of system libraries are used — they just use the required runtime version).

But I understand your idea.
At the moment, Trivy doesn’t have dependency types — #7165 —
so it’s not easy to filter or hide such dependencies by default (like we do with Dev dependencies).

So I suggest waiting for feedback from our users.
If this feature is in demand, we’ll decide which dependencies to show and how to hide them.

Regards, Dmitriy

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add the ability to include system libraries in self-contained dotnet project #9626

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Add the ability to include system libraries in self-contained dotnet project #9626

Uh oh!

octocolby Oct 8, 2025

Description

Target

Scanner

Replies: 2 comments

Uh oh!

octocolby Oct 8, 2025 Author

Uh oh!

DmitriyLewen Nov 3, 2025 Maintainer

octocolby
Oct 8, 2025

octocolby
Oct 8, 2025
Author

DmitriyLewen
Nov 3, 2025
Maintainer