---
title: "Check Unauthentication"
diataxis: reference
applies_to:
  product: "kyverno"
audience: ["platform-engineer","devsecops"]
last_updated: 2026-03-25
url: https://docs.nirmata.io/docs/policy-sets/dockerfile_best_practices/check-unauthentication/
---


### Description

Using the `--allow-unauthenticated` flag in a Dockerfile is generally not recommended because it disables the validation of package signatures. The flag is specific to certain package managers (such as APT on Debian-based systems) and allows packages to be installed without checking their cryptographic signatures. This policy checks whether the Dockerfile contains the `--allow-unauthenticated` flag and reports a failing check if it does.
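The check described above, sketched as an added Python example (not the Nirmata Kyverno policy and not code from this page): it joins backslash-continued lines, skips comments, and reports `RUN` instructions that carry the flag. The function names and the failing Dockerfile are constructed for illustration; heredoc-style `RUN` bodies are not handled.

```python
import re

# Match the flag as a whole token, in shell form or inside a JSON exec-form array.
FLAG_RE = re.compile(r"(?<![\w-])--allow-unauthenticated(?![\w-])")

def logical_instructions(dockerfile_text):
    """Yield (start_line, instruction) with backslash continuations joined."""
    buf, start = [], None
    for n, raw in enumerate(dockerfile_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and blank lines are dropped, even mid-continuation
        if start is None:
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:  # file ended on a dangling continuation
        yield start, " ".join(buf)

def find_unauthenticated_installs(dockerfile_text):
    """Return [(line, instruction)] for RUN instructions that contain the flag."""
    hits = []
    for line_no, instr in logical_instructions(dockerfile_text):
        parts = instr.split(None, 1)
        args = parts[1] if len(parts) > 1 else ""
        if parts[0].upper() == "RUN" and FLAG_RE.search(args):
            hits.append((line_no, instr))
    return hits

# Constructed sample: the flag sits on a continuation line of a RUN instruction.
FAILING = r"""FROM ubuntu:latest
# --allow-unauthenticated in a comment is not a finding
RUN apt-get update && \
    apt-get install -y --allow-unauthenticated yamllint
"""

# Constructed sample without the flag; the policy would pass it.
PASSING = r"""FROM ubuntu:latest
RUN apt-get update && \
    apt-get install -y yamllint
"""

if __name__ == "__main__":
    for name, text in (("FAILING", FAILING), ("PASSING", PASSING)):
        print(name, find_unauthenticated_installs(text) or "no findings")
```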

### Kyverno policy

Refer to the Nirmata curated policies - [check-unauthentication](https://github.com/nirmata/kyverno-policies/blob/main/dockerfile-best-practices/check-authentication/check-unauthentication-install.yaml).

### Resource example

Below is an example of a Dockerfile that complies with this policy.

```dockerfile
FROM ubuntu:latest

RUN apt-get update && \
    apt-get install -y yamllint

WORKDIR /app

COPY . /app

EXPOSE 8080

CMD ["echo", "Container is running!"]
```

