Check Unauthentication


Using the --allow-unauthenticated flag in a Dockerfile is generally not recommended because it disables the validation of package signatures. This flag is specific to certain package managers (like APT for Debian-based systems) and allows the installation of packages without checking their cryptographic signatures. This policy checks whether the Dockerfile contains the --allow-unauthenticated flag and fails the check if it does.

Kyverno policy

Refer to the Nirmata curated policies - check-unauthentication.

Resource example

Below is an example of a Dockerfile that complies with this policy.

FROM ubuntu:latest

RUN apt-get update && \
     apt-get install -y yamllint


COPY . /app


CMD ["echo", "Container is running!"]
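
The same check can be run locally before the policy engine sees the file. The script below is an added example, not the Nirmata policy or any Kyverno code; the function names and both sample Dockerfiles are constructed for illustration. It joins backslash-continued lines, ignores comments, and reports every RUN instruction that carries the flag.

```python
FLAG = "--allow-unauthenticated"

# Constructed sample: same image as the page's example, with the flag added.
FAILING = """\
FROM ubuntu:latest
# install linters
RUN apt-get update && \\
    apt-get install -y --allow-unauthenticated yamllint
COPY . /app
CMD ["echo", "Container is running!"]
"""

# Constructed sample: the flag removed, so signatures are verified.
PASSING = FAILING.replace(" " + FLAG, "")


def logical_instructions(text):
    """Yield (start_line, instruction) with backslash continuations joined."""
    parts, start = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines never carry instructions
        if start is None:
            start = lineno
        parts.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            yield start, " ".join(parts)
            parts, start = [], None
    if parts:  # file ended in the middle of a continued instruction
        yield start, " ".join(parts)


def find_unauthenticated_installs(text):
    """Return (line, instruction) for every RUN instruction carrying the flag."""
    findings = []
    for start, instr in logical_instructions(text):
        keyword, _, args = instr.partition(" ")
        # Substring match also covers the JSON (exec) form of RUN.
        if keyword.upper() == "RUN" and FLAG in args:
            findings.append((start, instr))
    return findings


if __name__ == "__main__":
    for name, text in (("FAILING", FAILING), ("PASSING", PASSING)):
        hits = find_unauthenticated_installs(text)
        print(name, "fail" if hits else "pass", hits)
```

Only RUN instructions are inspected, so the flag appearing in a comment or in a CMD argument is not reported.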