Check Certificate Validation Curl


The --insecure option tells curl to skip SSL/TLS certificate verification. This carries the risk of connecting to a server that is not who it claims to be, potentially exposing sensitive information or leaving the build vulnerable to man-in-the-middle attacks. This policy checks whether certificate validation is disabled in the Dockerfile by passing the --insecure option to the curl command.

Kyverno policy

Refer to the Nirmata curated policies - check-certificate-validation-curl.

Resource example

Below is an example of a Dockerfile that complies with this policy.

FROM alpine:latest
RUN apk --no-cache add curl
RUN curl -LO