4.5 Enable Content trust for Docker

Information

https://docs.docker.com/engine/security/trust/content_trust/
2.https://docs.docker.com/engine/reference/commandline/cli/#notary
3.https://docs.docker.com/engine/reference/commandline/cli/#environment-variables

Solution

To enable content trust in a bash shell, enter the following command-
export DOCKER_CONTENT_TRUST=1
Alternatively, set this environment variable in your profile file so that content trust in enabled on every login.
Impact-
In an environment where DOCKER_CONTENT_TRUST is set, you are required to follow trust procedures while working with images - build, create, pull, push and run. You can use the --disable-content-trust flag to run individual operations on tagged images without content trust on an as-needed basis but that defeats the purpose of enabling content trust and hence, should be avoided wherever possible.
Note- Content trust is currently only available for users of the public Docker Hub. It is currently not available for the Docker Trusted Registry or for private registries.
Default Value-
By default, content trust is disabled.

See Also

https://workbench.cisecurity.org/files/516

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7(6)

Plugin: Unix

Control ID: 581e03774052719d8021094dd4213a0a3000ed0456f787e6c69719fee06df8ea