Information
Verify the authenticity of packages before installing them in the image.
Rationale:
Verifying the authenticity of packages is essential for building a secure container image. Tampered packages could be malicious or could contain known vulnerabilities that can be exploited.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Use GPG keys to download and verify packages, or use any other secure package distribution mechanism of your choice.
Impact:
None
Default Value:
Not Applicable
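
One way to review a Dockerfile against this recommendation, added here as an example that is not part of the benchmark or of Nessus: the script flags build instructions that switch off the package manager's signature check or the downloader's TLS check. The function names, the pattern list and the sample Dockerfile are assumptions made for illustration, and the pattern list is a heuristic rather than a complete inventory.

```python
import re

# Options that switch off signature or TLS verification in common package
# tools (apt-get, yum/dnf, rpm, apk, curl, wget). Heuristic, not exhaustive.
RISKY = [
    (r"--allow-unauthenticated\b", "apt-get installs unauthenticated packages"),
    (r"\[[^\]]*\btrusted=yes\b[^\]]*\]", "apt source marked trusted=yes"),
    (r"--nogpgcheck\b", "yum/dnf GPG check disabled"),
    (r"\bgpgcheck\s*=\s*0\b", "repo definition sets gpgcheck=0"),
    (r"--nosignature\b", "rpm signature check disabled"),
    (r"--allow-untrusted\b", "apk installs untrusted packages"),
    (r"\bcurl\b[^|;&]*\s(?:--insecure\b|-[A-Za-z]*k)", "curl TLS verification disabled"),
    (r"\bwget\b[^|;&]*--no-check-certificate\b", "wget TLS verification disabled"),
]
RISKY = [(re.compile(p), why) for p, why in RISKY]

def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        start = start or no
        buf.append(line.rstrip("\\").rstrip())
        if not line.endswith("\\"):
            yield start, " ".join(buf)
            buf, start = [], None
    if buf:
        yield start, " ".join(buf)

def scan_dockerfile(text):
    """Return [(line_number, reason)] for instructions that bypass verification."""
    return [(no, why) for no, instr in logical_lines(text)
            for rx, why in RISKY if rx.search(instr)]

# Constructed sample input, not taken from any real project.
SAMPLE = """\
FROM debian:12
RUN apt-get update && \\
    apt-get install -y --allow-unauthenticated examplepkg
RUN curl -fsSLk https://example.invalid/tool.tgz -o /tmp/tool.tgz
RUN apt-get install -y ca-certificates gnupg
"""

if __name__ == "__main__":
    for no, why in scan_dockerfile(SAMPLE):
        print(f"line {no}: {why}")
```

An empty result only means none of the listed bypass options were found; it does not show that every downloaded artifact was actually verified against a signature.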