Dockerfile APT package manager is configured to allow unauthenticated packages

Description

Using the `--allow-unauthenticated` or `--force-yes` option with the APT package manager (`apt-get`) in a Dockerfile is a security concern. Both flags let `apt-get` install packages whose signatures cannot be verified, which bypasses the repository signature check that ties a package to the key of the repository that published it.

Without that verification, a tampered or malicious package, whether served by a compromised mirror or injected on the network path, installs with no error. This can introduce vulnerabilities or malicious software into your Docker images, compromising the container and the integrity of the applications running within it.

Code Example

```dockerfile
- RUN apt-get update && apt-get install -y --allow-unauthenticated somepackage
+ RUN apt-get update && apt-get install -y somepackage
```
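To catch this pattern before an image is built, the following added example (not part of the original page or of Checkov) scans a Dockerfile for `RUN` steps that pass either flag named above to `apt-get`/`apt`; it also treats the equivalent `-o APT::Get::AllowUnauthenticated=true` switch as a finding. The `SAMPLE` Dockerfile is constructed for the demonstration.

```python
import re
from typing import List, Tuple

# Flags named on the page, plus the apt config switch with the same effect.
UNAUTH_FLAGS = ("--allow-unauthenticated", "--force-yes")
UNAUTH_OPTION = re.compile(
    r"-o\s*APT::Get::AllowUnauthenticated=(?:true|yes|1)", re.IGNORECASE)

# Constructed sample Dockerfile; line 3 carries the weak form from the page.
SAMPLE = """\
FROM debian:bookworm
# constructed sample, not a real image
RUN apt-get update && \\
    apt-get install -y --allow-unauthenticated somepackage
RUN apt-get update && apt-get install -y somepackage
RUN apt-get install --force-yes curl ; rm -rf /var/lib/apt/lists/*
"""

def run_instructions(dockerfile: str) -> List[Tuple[int, str]]:
    """Return (line_number, command) per RUN instruction, joining
    backslash continuations and skipping blank and comment lines."""
    results, lines, i = [], dockerfile.splitlines(), 0
    while i < len(lines):
        start, text = i + 1, lines[i].strip()
        if not text or text.startswith("#"):
            i += 1
            continue
        while text.endswith("\\") and i + 1 < len(lines):
            i += 1
            text = text[:-1] + " " + lines[i].strip()
        i += 1
        if text.upper().startswith("RUN "):
            results.append((start, text[4:].strip()))
    return results

def findings(dockerfile: str) -> List[Tuple[int, str]]:
    """Return (line, step) for each apt-get/apt step that disables
    signature verification."""
    hits = []
    for lineno, cmd in run_instructions(dockerfile):
        # Split on shell operators so a flag is tied to its own apt step.
        for step in re.split(r"&&|\|\||;", cmd):
            tokens = step.split()
            if "apt-get" not in tokens and "apt" not in tokens:
                continue
            if any(t in UNAUTH_FLAGS for t in tokens) or UNAUTH_OPTION.search(step):
                hits.append((lineno, step.strip()))
    return hits
```

Running `findings(SAMPLE)` reports lines 3 and 6 and leaves the corrected form on line 5 alone; wire it into a pre-commit hook or CI step alongside the Checkov rule below.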

Remediation

Docker

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-0852 |
| Severity | MEDIUM |
| IaC Type | dockerfile |
| Frameworks | Docker |
| Checkov ID | CKV2_DOCKER_8 |

References