
Dockerfile certificate validation is disabled with wget

Description

Using `wget` with the `--no-check-certificate` option tells wget to bypass SSL certificate verification when fetching content over HTTPS.

When you use the `--no-check-certificate` option, you're telling wget to skip validating the TLS certificate of the server it's connecting to, so wget cannot tell whether it is talking to the intended host. This makes the connection susceptible to man-in-the-middle (MitM) attacks. In a MitM attack, an attacker can intercept the traffic between wget and the server, possibly altering the content or redirecting to a malicious source.

Code Example

```dockerfile
- RUN wget --no-check-certificate https://example.com/somepackage.tar.gz -O /tmp/somepackage.tar.gz
+ RUN wget https://example.com/somepackage.tar.gz -O /tmp/somepackage.tar.gz
```
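
A small check that flags this pattern in a Dockerfile, added here as an example and not part of the rule's own implementation; it joins backslash-continued `RUN` lines, handles both shell and exec (JSON) form, and checks each command in an `&&` chain separately. The sample Dockerfile is constructed for the example.

```python
import json
import re

FLAG = "--no-check-certificate"

# Constructed sample Dockerfile (not from the original page) covering the cases a check must handle.
SAMPLE_DOCKERFILE = """\
FROM alpine:3.19
# wget --no-check-certificate mentioned in a comment is not a finding
RUN apk add --no-cache wget
RUN wget --no-check-certificate https://example.com/somepackage.tar.gz -O /tmp/somepackage.tar.gz
RUN set -eux && \\
    wget -q https://example.com/other.tar.gz -O /tmp/other.tar.gz && \\
    wget --no-check-certificate -O /tmp/bad.tgz https://example.com/bad.tgz
RUN ["wget", "--no-check-certificate", "https://example.com/exec-form.tgz"]
RUN wget https://example.com/ok.tar.gz -O /tmp/ok.tar.gz
"""

def logical_instructions(text):
    """Join backslash-continued lines into one instruction, tagged with its first line number."""
    out, buf, start = [], [], 0
    for no, line in enumerate((l.rstrip() for l in text.splitlines()), 1):
        if not buf and (not line.strip() or line.lstrip().startswith("#")):
            continue  # blank lines and comments never start an instruction
        start = start if buf else no
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        out.append((start, " ".join(buf + [line])))
        buf = []
    return out

def argv_lists(body):
    """Exec form is a JSON array; shell form is split on && || ; | so each command is checked alone."""
    if body.lstrip().startswith("["):
        return [json.loads(body)]
    return [c.split() for c in re.split(r"&&|\|\||;|\|", body) if c.strip()]

def find_insecure_wget(text):
    """Return (line_no, instruction) for every RUN that invokes wget with FLAG."""
    findings = []
    for no, inst in logical_instructions(text):
        m = re.match(r"\s*RUN\s+(.*)", inst, re.IGNORECASE)
        if not m:
            continue
        for argv in argv_lists(m.group(1)):
            # Match wget by basename so /usr/bin/wget is caught; require the exact flag token.
            if FLAG in argv and any(a.rsplit("/", 1)[-1] == "wget" for a in argv):
                findings.append((no, inst))
                break
    return findings
```

The token match deliberately looks for the full flag; wget's GNU getopt_long parsing also accepts unambiguous abbreviations such as `--no-check-cert`, which a production check should cover too. If the download host uses a private CA, the fix is to supply that CA with wget's `--ca-certificate` option rather than disabling verification.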

Remediation

Docker

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-0847 |
| Severity | HIGH |
| IaC Type | dockerfile |
| Frameworks | Docker |
| Checkov ID | CKV2_DOCKER_3 |

References