Dockerfile uses a trusted host with pip
Description
Using the `--trusted-host` option with `pip` in Dockerfiles (or its environment-variable equivalent, `PIP_TRUSTED_HOST`, which pip reads like any `PIP_<OPTION>` variable) can be risky. This option bypasses SSL certificate verification when installing Python packages from the specified host, making it potentially easier for malicious packages to be installed without detection.
While using trusted hosts might be necessary in some environments where certain internal repositories are used without SSL, it should be done with caution. The absence of SSL certificate verification increases the risk of man-in-the-middle (MitM) attacks, where unauthorized actors can intercept or alter traffic between `pip` and the repository, leading to the possibility of malicious package installations.
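As an added example (not the rule's or Checkov's own implementation), the following checker flags the two forms of this pattern in a Dockerfile: an `ENV`/`ARG` line setting `PIP_TRUSTED_HOST`, and a `--trusted-host` flag inside a `RUN pip install` instruction, including one spread over backslash continuations. The sample Dockerfile is constructed; the hostnames in it are placeholders.

```python
"""Detect pip trusted-host usage in a Dockerfile (added example, not Checkov's code)."""
import re

# Matches ENV/ARG lines that set PIP_TRUSTED_HOST, in "KEY=value" or "KEY value" form.
_ENV_RE = re.compile(r"^\s*(ENV|ARG)\s+PIP_TRUSTED_HOST(?:=|\s+)(\S+)", re.IGNORECASE)
# Matches a --trusted-host flag anywhere in an instruction, with "=" or a space before the host.
_FLAG_RE = re.compile(r"--trusted-host(?:=|\s+)(\S+)")


def _join_continuations(text):
    """Yield (first_line_number, logical_instruction), merging backslash-continued lines."""
    buf, start = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not buf:
            start = lineno
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf = []
    if buf:  # file ended inside a continuation; report what we have
        yield start, " ".join(buf)


def find_trusted_hosts(dockerfile_text):
    """Return [(line, host, reason)] for each instruction that disables pip TLS verification."""
    findings = []
    for lineno, inst in _join_continuations(dockerfile_text):
        m = _ENV_RE.match(inst)
        if m:
            findings.append((lineno, m.group(2).strip("\"'"), f"{m.group(1).upper()} PIP_TRUSTED_HOST"))
            continue
        # Only RUN instructions that invoke pip/pip3 are inspected for the flag.
        if re.match(r"^\s*RUN\b", inst, re.IGNORECASE) and re.search(r"\bpip3?\b", inst):
            for fm in _FLAG_RE.finditer(inst):
                findings.append((lineno, fm.group(1), "pip --trusted-host flag"))
    return findings


# Constructed sample: one ENV form, one multi-line RUN form, and a clean RUN that must not match.
SAMPLE_DOCKERFILE = """FROM python:3.12-slim
ENV PIP_TRUSTED_HOST=myinsecurehost.com
RUN pip install \\
    --index-url http://myinsecurehost.com/simple \\
    --trusted-host myinsecurehost.com requests
RUN pip install --require-hashes -r requirements.txt
"""

if __name__ == "__main__":
    for line, host, reason in find_trusted_hosts(SAMPLE_DOCKERFILE):
        print(f"line {line}: {reason} -> {host}")
```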
Code Example
- ENV PIP_TRUSTED_HOST=myinsecurehost.com
+ # Ensure that the host is safe and no better alternative is available before using
+ ENV PIP_TRUSTED_HOST=myinsecurehost.com
Remediation
Docker
If you trust the host and it's for an internal or controlled environment, consider using SSL for that host. If SSL is not an option:
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0860 |
| Severity | MEDIUM |
| IaC Type | dockerfile |
| Frameworks | Docker |
| Checkov ID | CKV2_DOCKER_16 |