---
title: "Check Missing Signature Options"
diataxis: reference
applies_to:
  product: "kyverno"
audience: ["platform-engineer","devsecops"]
last_updated: 2026-03-25
url: https://docs.nirmata.io/docs/policy-sets/dockerfile_best_practices/check-missing-signature-options/
---


### Description

`–nodigest`, `–nosignature`, `–noverify`, `–nofiledigest` options are flags that can used with the rpm command to alter its behavior during installation.This policy ensures that packages with untrusted or missing signatures are not used by rpm via the `–nodigest`, `–nosignature`, `–noverify`, or `–nofiledigest` options.

### Kyverno policy

Refer to the Nirmata curated policies - [check-missing-signature-options](https://github.com/nirmata/kyverno-policies/blob/main/dockerfile-best-practices/check-missing-signature-options/check-missing-signature-options.yaml).

### Resource example

Below is an example of a Dockerfile enforcing this policy.

```bash
FROM centos:7

RUN yum install -y wget

RUN rpm -i vim-enhanced-7.4.629-7.el7.aarch64.rpm

RUN echo "Hello world!"
```text