Information
You should verify the authenticity of packages before installing them into images.
Rationale:
Verifying authenticity of software packages is essential for building a secure container image. Packages with no known provenance could potentially be malicious or have vulnerabilities that could be exploited.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
You should use a secure package distribution mechanism of your choice to ensure the authenticity of software packages.
Impact:
None
Default Value:
Not Applicable