turbot/docker_compliance
GitHub
Loading controls...

Control: 4.5 Ensure Content trust for Docker is Enabled

Description

Content trust is disabled by default and should be enabled in line with organizational security policy.

Content trust provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side verification of the identity and the publisher of specific image tags and ensures the provenance of container images.

Remediation

To enable content trust in a bash shell, you should enter the following command:

export DOCKER_CONTENT_TRUST=1

Alternatively, you could set this environment variable in your profile file so that content trust in enabled on every login.

Default Value

By default, content trust is disabled.

Usage

Run the control in your terminal:

steampipe check docker_compliance.control.cis_v160_4_5

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share docker_compliance.control.cis_v160_4_5

SQL

This control uses a named query:

exec_docker_container_trust_enabled

Tags