Containers and license compliance

It's pointed out in the article that a bunch of these containers pull other containers which pull other containers, etc.. In the end you have a container that's pulling a half dozen other containers and no one even knows what's installed in the container to the point that he provides an example where there are 600+ software packages installed in a single container.

The point of the article is about how hard it is to figure out if you are complying with the licenses in such a situation but the only thing I could think of is what a security nightmare that is because if your container image is pulling other container images you probably can't easily track down what's even installed even if the first container is well documented there is no guarantee all the reference containers are.

I know docker is popular but this is one the things that stops me every time I think of using a Docker container, they are way to black-box for me.