Check Certificate Validation pip3


In pip3, the --trusted-host flag marks a specific host as trusted even if it is not in the list of trusted hosts configured in pip's configuration files; pip then skips TLS certificate validation for that host. It is typically used when packages are installed from custom repositories or when a repository is reached over an insecure connection, which exposes the build to package tampering by anyone who can intercept the traffic. This policy checks whether certificate validation is disabled in the Dockerfile by passing the --trusted-host option to a pip3 command.

Kyverno policy

Refer to the Nirmata curated policies - check-certificate-validation-pip3.

Resource example

Below is an example of a Dockerfile that conforms to this policy: pip3 is invoked without the --trusted-host option, so certificate validation remains enabled.

FROM python

RUN pip3 install numpy

CMD ["echo", "Installed successfully"]
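The following is an added example, not part of the Nirmata policy or the original page, showing the detection logic as a stand-alone Python checker: it parses a Dockerfile (joining backslash-continued lines and skipping comments), splits each RUN instruction into its shell commands, and flags every pip3 (or pip) invocation that carries --trusted-host in either the "--trusted-host HOST" or "--trusted-host=HOST" form. The two Dockerfiles it scans are constructed samples; the compliant one mirrors the resource example above.

```python
import re
from typing import List, Tuple

# Constructed sample Dockerfiles (not from the page): one compliant, one violating.
COMPLIANT = """FROM python

RUN pip3 install numpy

CMD ["echo", "Installed successfully"]
"""

VIOLATING = """FROM python
# --trusted-host disables certificate validation for the named index host
RUN pip3 install --upgrade pip && \\
    pip3 install --index-url https://mirror.internal/simple \\
        --trusted-host mirror.internal numpy
RUN pip3 install --trusted-host=files.pythonhosted.org requests
CMD ["python", "app.py"]
"""


def parse_instructions(dockerfile: str) -> List[Tuple[int, str, str]]:
    """Return (start_line, INSTRUCTION, arguments) for each Dockerfile instruction.
    Backslash-continued lines are joined; blank and comment lines are skipped,
    including comment lines that appear inside a continuation."""
    instructions, buf, start = [], "", 0
    for line_no, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not buf:
            start = line_no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        parts = buf.split(None, 1)
        instructions.append((start, parts[0].upper(), parts[1] if len(parts) > 1 else ""))
        buf = ""
    return instructions


def find_trusted_host(dockerfile: str) -> List[Tuple[int, str]]:
    """Return (line_no, command) for every pip/pip3 command in a RUN instruction
    that passes --trusted-host. Exec-form RUN (JSON array) is matched as text too."""
    findings = []
    for line_no, instr, args in parse_instructions(dockerfile):
        if instr != "RUN":
            continue
        for cmd in re.split(r"&&|\|\||;", args):  # one shell command per chain segment
            cmd = cmd.strip()
            if re.search(r"\bpip3?\b", cmd) and re.search(r"--trusted-host(?:[=\s]|$)", cmd):
                findings.append((line_no, cmd))
    return findings


if __name__ == "__main__":
    for line_no, cmd in find_trusted_host(VIOLATING):
        print(f"line {line_no}: --trusted-host disables certificate validation: {cmd}")
```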