---
title: "Check Certificate Validation Wget"
diataxis: reference
applies_to:
  product: "kyverno"
audience: ["platform-engineer","devsecops"]
last_updated: 2026-03-25
url: https://docs.nirmata.io/docs/policy-sets/dockerfile_best_practices/check-certificate-validation-wget/
---


### Description

When the `--no-check-certificate` option is used with wget, wget gets instructed to ignore SSL certificate verification while making HTTPS connections. This option allows wget to download files from HTTPS URLs without validating the SSL certificate presented by the server. This policy checks whether certificate validation is disabled in the Dockerfile using `--no-check-certificate` option when running the wget command.

### Kyverno policy

Refer to the Nirmata curated policies - [check-certificate-validation-wget](https://github.com/nirmata/kyverno-policies/blob/main/dockerfile-best-practices/check-certificate-validation-wget/check-certificate-validation-wget.yaml).

### Resource example

Below is an example of a Dockerfile enforcing this policy.

```bash
FROM alpine:latest

RUN apk --no-cache add wget

RUN wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.17.2.tar.xz

ENTRYPOINT ["wget"]
```text