Install verified packages only

Details

Verify the authenticity of packages before installing them in the image. Verifying the authenticity of packages is essential for building a secure container image.

Tampered packages could be malicious or contain known vulnerabilities that could be exploited.

Solution

Use GPG keys for downloading and verifying packages, or any other secure package distribution mechanism of your choice.

Impact: None

Default Value: Not Applicable
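As an added example (not part of the original control text), the following Python audit flags Dockerfile instructions that install packages with signature verification switched off or that fetch content with no verification step, which is the opposite of what the Solution asks for. The sample Dockerfile, its example.com URLs and the package names are constructed for illustration.

```python
import re

# RUN patterns: options that disable signature checks, and unverified pipe-to-shell.
RUN_RULES = {
    "apt signature check disabled": r"--allow-unauthenticated|--force-yes|AllowUnauthenticated=(true|1|yes)|trusted=yes",
    "yum/dnf signature check disabled": r"--nogpgcheck|gpgcheck\s*=\s*0",
    "rpm signature check disabled": r"--nosignature|--nodigest",
    "apk signature check disabled": r"--allow-untrusted",
    "zypper signature check disabled": r"--no-gpg-checks",
    "remote script piped to shell": r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|da|z)?sh\b",
}
# ADD from a URL fetches at build time; without --checksum nothing pins the content.
REMOTE_ADD = re.compile(r"^ADD\s+(?!.*--checksum=).*https?://", re.I)

def instructions(text):
    """Yield (first_line_no, instruction), joining backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            yield start, buf.strip()
            buf, start = "", None
    if buf:
        yield start, buf.strip()

def audit(text):
    """Return (line_no, reason) findings for the text of a Dockerfile."""
    found = []
    for no, ins in instructions(text):
        if REMOTE_ADD.search(ins):
            found.append((no, "ADD from URL without --checksum"))
        if ins.upper().startswith("RUN"):
            found += [(no, why) for why, pat in RUN_RULES.items()
                      if re.search(pat, ins, re.I)]
    return found

# Constructed sample: four unverified installs, then one GPG-verified download.
SAMPLE = """\
FROM debian:bookworm-slim
RUN apt-get update && \\
    apt-get install -y --allow-unauthenticated sometool
RUN curl -fsSL https://example.com/install.sh | sh
ADD https://example.com/pkg.rpm /tmp/pkg.rpm
RUN rpm -i --nosignature /tmp/pkg.rpm
RUN curl -fsSL --remote-name-all https://example.com/t.tgz https://example.com/t.tgz.asc && gpg --batch --verify t.tgz.asc t.tgz
"""
```

Calling `audit(SAMPLE)` reports lines 2, 4, 5 and 6 and leaves the GPG-verified download on line 7 unflagged. An empty result only means no known bypass option was found, so the build still needs a positive verification step for every downloaded package.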

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.


Updated on July 16, 2022