
Impact & Risk Analysis

  • Severity: Medium
  • CIS Benchmark: CIS 4.5
  • Impact: Spoofing and compromised provenance. Docker Content Trust (DCT) uses digital signatures to verify image data sent to and received from remote Docker registries. Without it, the client performs no signature check on the image tags it pulls, so there is no verification of either the integrity of the content or the identity of its publisher: a tag can be spoofed, or silently replaced with a compromised image, and the user will not notice.

Common Misconfiguration

Content trust is disabled by default in the Docker client. Unless it is explicitly enabled through the DOCKER_CONTENT_TRUST environment variable, commands such as docker pull, docker run, docker build (for the base image named in FROM) and docker push neither verify nor create signatures, and users can unknowingly pull unsigned, malicious or tampered images.

Vulnerable Example

# Vulnerable Environment (Default)
# DOCKER_CONTENT_TRUST is not set.
# The user pulls an image without verifying its provenance.
docker pull postgres:latest

# Vulnerable CI/CD Step
# No trust environment variable is defined in the job, so the base image
# named in the Dockerfile's FROM line is pulled without any signature check.
docker build -t myapp:latest .

Secure Example

# Secure Environment
# Enabling Content Trust enforces signature verification.
export DOCKER_CONTENT_TRUST=1

# Now this command fails if the tag has no signed trust data, or if the signature does not verify.
docker pull postgres:latest

Audit Procedure

The setting is a client-side environment variable, so it must be checked in every shell and every CI runner environment that invokes docker. Execute the following command to verify whether Content Trust is enabled:
echo $DOCKER_CONTENT_TRUST

  • Result: This should return a value of 1.
  • Fail: If it returns an empty line, 0, or another value the client treats as false (for example false), Content Trust is disabled.
  • Also review scripts and pipeline definitions for --disable-content-trust: this per-command flag bypasses the environment variable even when it is set.

Remediation

To enable content trust in a bash shell, enter the following command:
export DOCKER_CONTENT_TRUST=1

This only affects the current shell session. To make it persistent, set the variable in your profile file (e.g. .bashrc or .zshrc) so that content trust is enabled on every login; for CI/CD, set it in the job or pipeline environment rather than relying on the runner's login shell. Remember that the control is enforced by the docker client, not the daemon: any invocation passing --disable-content-trust still bypasses it, so remove that flag from scripts as part of remediation. Signatures on a tag you rely on can be listed with:
docker trust inspect --pretty postgres:latest
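The audit and remediation steps above check one shell at a time. The script below is an added example (not part of the CIS benchmark or the Docker project) that turns them into reusable checks: it mirrors how the docker client interprets DOCKER_CONTENT_TRUST (empty or boolean-false disables, anything else enables), verifies that a profile file exports an enabling value, and counts --disable-content-trust overrides in a script. The sample profile and CI script it inspects are constructed inline and are not from any real system; the function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example: audit helpers for Docker Content Trust (DCT).
# Not part of the CIS benchmark or the docker CLI; it only reads shell state and files.

# dct_enabled VALUE
# Mirrors the docker client's reading of DOCKER_CONTENT_TRUST: an empty value
# disables DCT, a value that parses as boolean false disables it, and any
# other non-empty value (including "1") enables it.
dct_enabled() {
    case "$1" in
        "") return 1 ;;
        0|f|F|false|FALSE|False) return 1 ;;
        *) return 0 ;;
    esac
}

# dct_status
# Reports whether the *current* shell has DCT enabled; returns 0 on PASS, 1 on FAIL.
dct_status() {
    if dct_enabled "${DOCKER_CONTENT_TRUST-}"; then
        echo "PASS: DOCKER_CONTENT_TRUST=${DOCKER_CONTENT_TRUST}"
        return 0
    fi
    echo "FAIL: DOCKER_CONTENT_TRUST is unset, empty or false in this shell"
    return 1
}

# profile_enables_dct FILE
# Checks whether a profile file (.bashrc, .zshrc, a CI env file) ends up
# exporting an enabling value. The last assignment in the file wins, as it
# would when the file is sourced. Surrounding quotes and trailing comments
# are ignored.
profile_enables_dct() {
    local val
    val=$(sed -nE 's/^[[:space:]]*(export[[:space:]]+)?DOCKER_CONTENT_TRUST=([^[:space:]#]*).*$/\2/p' "$1" 2>/dev/null \
          | tail -n 1 | tr -d "\"'")
    dct_enabled "$val"
}

# count_dct_overrides FILE
# Counts lines in a script that bypass trust per command with
# --disable-content-trust; each one defeats the environment variable.
count_dct_overrides() {
    if [ ! -r "$1" ]; then
        echo 0
        return 0
    fi
    grep -c -- '--disable-content-trust' "$1" || true
}

# Constructed sample files (hypothetical content, not from a real system).
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

cat > "$workdir/ci.sh" <<'EOF'
#!/bin/sh
docker pull postgres:latest
docker build --disable-content-trust -t myapp:latest .
docker push --disable-content-trust myapp:latest
EOF

cat > "$workdir/good_bashrc" <<'EOF'
# constructed profile: enables DCT on login
export DOCKER_CONTENT_TRUST="1"   # CIS 4.5
EOF

cat > "$workdir/bad_bashrc" <<'EOF'
# constructed profile: a later line turns DCT back off
export DOCKER_CONTENT_TRUST=1
DOCKER_CONTENT_TRUST=false
EOF

# run_demo prints the findings for the samples above; always returns 0.
run_demo() {
    if dct_status; then :; fi
    for f in good_bashrc bad_bashrc; do
        if profile_enables_dct "$workdir/$f"; then
            echo "PASS: $f exports an enabling DOCKER_CONTENT_TRUST value"
        else
            echo "FAIL: $f does not leave DOCKER_CONTENT_TRUST enabled"
        fi
    done
    echo "ci.sh: $(count_dct_overrides "$workdir/ci.sh") command(s) use --disable-content-trust"
    return 0
}

run_demo
```

Run it as-is to see the constructed findings, then point profile_enables_dct and count_dct_overrides at your own profile files and CI scripts; a non-zero override count means the variable alone is not protecting that pipeline.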