---
title: "Validate Expose Port 22"
diataxis: reference
applies_to:
  product: "kyverno"
audience: ["platform-engineer","devsecops"]
last_updated: 2026-03-25
url: https://docs.nirmata.io/docs/policy-sets/dockerfile_best_practices/validate-expose-port-22/
---


### Description

Exposing port 22 in a Dockerfile can pose security risks by potentially allowing unauthorized access to the containerized system. This policy aims to validate whether port 22 is exposed in Dockerfiles to enhance security practices.

### Kyverno policy

Refer to the Nirmata curated policies - [validate-expose-port-22](https://github.com/nirmata/kyverno-policies/blob/main/dockerfile-best-practices/validate-expose-port-22/validate-expose-port-22.yaml).

### Resource example

Below is an example of a Dockerfile enforcing this policy.

```bash
FROM ubuntu:latest

EXPOSE 8080
```text