Check Certificate Validation Curl
Description
The --insecure option with the curl command tells curl to bypass SSL certificate verification. This introduces the risk of connecting to a server that is not who it claims to be, potentially exposing sensitive information or leaving the connection vulnerable to man-in-the-middle attacks. This policy checks whether certificate validation is disabled in the Dockerfile by the use of the --insecure option when running the curl command.
Kyverno policy
Refer to the Nirmata curated policies - check-certificate-validation-curl.
Resource example
Below is an example of a Dockerfile that complies with this policy: curl is run without the --insecure option.
FROM alpine:latest
RUN apk --no-cache add curl
RUN curl -LO https://github.com/glasskube/glasskube/releases/download/v0.0.1/glasskube_v0.0.1_amd64.deb
ENTRYPOINT ["curl"]
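
The check described above can be reproduced locally before a Dockerfile reaches the policy engine. The following is an added example, not the Nirmata Kyverno policy and not code from the original page: it goes beyond the page by also flagging -k, curl's short form of --insecure, including inside clusters such as -sk. The function names and the sample Dockerfile are constructed for illustration, and only shell-form RUN instructions are handled.

```python
import re
import shlex

# Common short curl options that take a value (assumption: not exhaustive).
TAKES_ARG = set("oHduXAexFTbcEmw")
OPERATORS = set("();<>|&")

# Constructed sample, not from the page; example.com URLs are placeholders.
SAMPLE = """FROM alpine:latest
RUN curl --insecure -LO https://example.com/tool.deb
RUN apk --no-cache add jq && \\
    curl -sk https://example.com/install.sh -o install.sh
RUN curl -LO https://example.com/risk.tar.gz
"""

def run_bodies(dockerfile):
    """Return the shell text of each RUN, backslash continuations joined."""
    joined = re.sub(r"\\[ \t\r]*\n", " ", dockerfile)
    return re.findall(r"^[ \t]*RUN[ \t]+(.+)$", joined, re.I | re.M)

def disables_verification(args):
    """True for --insecure, or a short-option cluster that sets k (-k, -sk)."""
    for arg in args:
        if arg == "--insecure":
            return True
        if re.fullmatch(r"-[^-].*", arg):
            for ch in arg[1:]:
                if ch == "k":
                    return True
                if ch in TAKES_ARG:
                    break  # rest of the cluster is that option's value
    return False

def find_insecure_curl(dockerfile):
    """Return the argv of every curl call that skips certificate checks."""
    findings = []
    for body in run_bodies(dockerfile):
        lex = shlex.shlex(body, posix=True, punctuation_chars=True)
        lex.whitespace_split, lex.commenters = True, ""
        argv = []
        for tok in list(lex) + [";"]:  # trailing ";" flushes the last command
            if tok and set(tok) <= OPERATORS:  # &&, ||, ;, | end a command
                if "curl" in argv and disables_verification(argv[argv.index("curl") + 1:]):
                    findings.append(argv)
                argv = []
            else:
                argv.append(tok)
    return findings
```

Calling find_insecure_curl(SAMPLE) returns the two offending curl invocations and ignores the third RUN, whose URL merely contains the letter k.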