Check Certificate Validation Wget

Description

When wget is run with the --no-check-certificate option, it skips SSL certificate verification for HTTPS connections, so files are downloaded from HTTPS URLs without validating the certificate the server presents. Without that validation the server's identity is not authenticated, and the download can be intercepted or modified in transit. This policy checks whether a Dockerfile disables certificate validation by passing the --no-check-certificate option to the wget command.

Kyverno policy

Refer to the Nirmata curated policies - check-certificate-validation-wget.

Resource example

Below is an example of a Dockerfile that complies with this policy: wget is run without the --no-check-certificate option.

FROM alpine:latest

RUN apk --no-cache add wget

RUN wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.17.2.tar.xz

ENTRYPOINT ["wget"]
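
The same check can be run locally before a Dockerfile reaches the cluster policy. The scanner below is an added example, not the Nirmata policy's own code: it assumes only RUN instructions are inspected, and the function names and the VIOLATING sample (with its example.invalid URLs) are constructed for illustration.

```python
import json
import re

FLAG = "--no-check-certificate"

def run_instructions(text):
    """Return (first_line_number, command) per RUN instruction, joining '\\' continuations."""
    out, buf, start = [], "", 0
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank and comment lines are skipped, even mid-continuation
        start = start if buf else num
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            out.append((start, buf))
            buf = ""
    if buf:                               # file ended on a continuation line
        out.append((start, buf))
    return [(n, b[3:].strip()) for n, b in out if re.match(r"(?i)RUN\s", b)]

def wget_disables_validation(command):
    """True if a wget invocation in this RUN command carries --no-check-certificate."""
    if command.startswith("["):           # exec form: RUN ["wget", "..."]
        try:
            command = " ".join(map(str, json.loads(command)))
        except ValueError:
            pass                          # not JSON (e.g. a shell test): treat as shell form
    command = re.sub(r"[\"'()]", " ", command)   # look inside sh -c "..." and subshells
    for segment in re.split(r"&&|\|\||[;|&]", command):
        words = [w.rsplit("/", 1)[-1] for w in segment.split()]
        if "wget" in words and FLAG in words[words.index("wget"):]:
            return True
    return False

def scan(dockerfile_text):
    """Return the line numbers of RUN instructions that violate the policy."""
    return [n for n, cmd in run_instructions(dockerfile_text) if wget_disables_validation(cmd)]

# Constructed sample: three violating RUN instructions (lines 3, 6 and 7).
VIOLATING = r"""FROM alpine:latest
RUN apk --no-cache add wget
RUN apk update && \
    wget --no-check-certificate \
    https://example.invalid/pkg.tar.xz
RUN ["/usr/bin/wget", "--no-check-certificate", "https://example.invalid/a"]
RUN sh -c "wget -q --no-check-certificate https://example.invalid/b"
"""
print(scan(VIOLATING))
```

An empty list from scan() means no RUN instruction passes the flag to wget, which is the result for the compliant Dockerfile shown above.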