Check Certificate Validation pip3

Description

In pip3, the --trusted-host flag marks a specific host (or host:port) as trusted even when it is not listed as a trusted host in the pip configuration files; pip then accepts packages from that host without validating its HTTPS certificate. It is typically used when packages are installed from custom repositories or when a repository is reached over an insecure connection. This policy checks whether certificate validation is disabled in the Dockerfile by passing the --trusted-host option to the pip3 command.

Kyverno policy

Refer to the Nirmata curated policies - check-certificate-validation-pip3.

Resource example

Below is an example of a Dockerfile that complies with this policy: the pip3 command installs its package without the --trusted-host option.

FROM python
WORKDIR /app
RUN pip3 install numpy
CMD ["echo", "Installed successfully"]
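As an added illustration, not part of this page or of the Nirmata policy itself, the following Python script performs the same check outside Kyverno: it walks a Dockerfile's RUN instructions (joining backslash continuations and converting exec form), splits chained shell commands, and flags every pip/pip3 invocation that carries --trusted-host. It goes slightly beyond the policy text by also matching `python -m pip`; both sample Dockerfiles and the host name pypi.internal.example are constructed.

```python
import json
import re
import shlex

# Constructed sample Dockerfiles (not from the page). The first disables
# certificate validation in two RUN forms; the second is compliant.
BAD_DOCKERFILE = """\
FROM python
WORKDIR /app
RUN pip3 install --trusted-host=pypi.internal.example \\
    --index-url http://pypi.internal.example/simple numpy
RUN ["python3", "-m", "pip", "install", "--trusted-host", "pypi.internal.example", "requests"]
CMD ["echo", "Installed successfully"]
"""
GOOD_DOCKERFILE = """\
FROM python
WORKDIR /app
RUN pip3 install numpy
CMD ["echo", "Installed successfully"]
"""

# Command prefixes treated as pip invocations.
PIP_CMDS = ("pip", "pip3", "python -m pip", "python3 -m pip")

def run_commands(dockerfile):
    """Yield the command of each RUN instruction, joining backslash
    continuations and turning exec (JSON array) form into a shell string."""
    pending = ""
    for raw in dockerfile.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):          # continuation: keep accumulating
            pending += line[:-1] + " "
            continue
        logical, pending = (pending + line).strip(), ""
        if logical.upper().startswith("RUN "):
            cmd = logical[4:].strip()
            yield " ".join(json.loads(cmd)) if cmd.startswith("[") else cmd

def find_trusted_host(dockerfile):
    """Return normalized pip invocations that use --trusted-host, i.e. that
    accept the index host without a valid HTTPS certificate."""
    findings = []
    for cmd in run_commands(dockerfile):
        # Split chained shell commands (&&, ||, ;, |) and keep pip invocations.
        for seg in re.split(r"&&|\|\||;|\|", cmd):
            tokens = shlex.split(seg)
            head = " ".join(tokens[:3])
            if not any(head == c or head.startswith(c + " ") for c in PIP_CMDS):
                continue
            if any(t == "--trusted-host" or t.startswith("--trusted-host=") for t in tokens):
                findings.append(" ".join(tokens))
    return findings
```

Running it on a real Dockerfile means reading the file into a string and passing it to find_trusted_host; an empty list means the image build passes this check.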