Information
Ensure that the container image is written either from scratch or is based on another established and trusted base image downloaded over a secure channel.
Rationale:
Official repositories are Docker images curated and optimized by the Docker community or the vendor. There could be other potentially unsafe public repositories. Caution should be exercised when obtaining container images from Docker and third parties to how they will be used for your organization's data.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Configure and use Docker Content trust.
Inspect Docker image history to evaluate their risk to operate on your network.
Scan Docker images for vulnerabilities in their dependencies and configurations they will impose upon your network.
Impact:
None.
Default Value:
Not Applicable.