Docker Content Trust
Definition
Docker Content Trust (DCT) is a security feature that lets users verify the integrity and publisher of Docker images. It uses digital signatures to ensure that an image has not been tampered with and comes from a trusted source. With DCT enabled, users can enforce a policy that only signed images are pulled and run, which strengthens the security of container deployments.
Secure Settings Example
# Enable Docker Content Trust by setting the environment variable
# (applies to the docker CLI in this shell session)
export DOCKER_CONTENT_TRUST=1
# Pull an image with content trust enabled; the pull fails if the tag is unsigned
docker pull myrepo/myimage:latest
Insecure Settings Example
# Docker Content Trust is disabled by default, allowing unsigned images
# (DOCKER_CONTENT_TRUST unset or set to 0)
# This can lead to the execution of potentially malicious or tampered images
docker pull myrepo/myimage:latest
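As an added example (not part of the original page or of Docker's own tooling), the following Python helper shows the two checks a practitioner typically wants around the settings above: whether the current environment actually enforces DCT, and whether a given tag carries trust data from the expected signers. It assumes the JSON layout of `docker trust inspect` (a "SignedTags" list with "SignedTag", "Digest" and "Signers") and mirrors the CLI's boolean handling of DOCKER_CONTENT_TRUST; the trust data below is constructed, not real.

```python
import json
import os

# Constructed sample of `docker trust inspect myrepo/myimage` output.
# The field layout is an assumption about the CLI's JSON; the digests are fake.
SAMPLE_TRUST_DATA = json.dumps([{
    "Name": "myrepo/myimage",
    "SignedTags": [
        {"SignedTag": "latest", "Digest": "sha256:" + "a" * 64, "Signers": ["release-bot"]},
        {"SignedTag": "dev", "Digest": "sha256:" + "b" * 64, "Signers": ["dev-alice"]},
    ],
    "Signers": [{"Name": "release-bot", "Keys": [{"ID": "key1"}]},
                {"Name": "dev-alice", "Keys": [{"ID": "key2"}]}],
    "AdministrativeKeys": [],
}])


def dct_enforced(env=None) -> bool:
    """True when the docker CLI in this environment refuses unsigned tags.
    Assumed to follow the CLI's parsing: empty means off, "0"/"false"-style
    values mean off, "1"/"true"-style values (or anything unparsable) mean on."""
    value = (os.environ if env is None else env).get("DOCKER_CONTENT_TRUST", "")
    if value == "":
        return False
    if value in ("0", "f", "F", "false", "FALSE", "False"):
        return False
    return True


def check_tag(trust_json: str, repo: str, tag: str, required_signers: set) -> dict:
    """Policy check over `docker trust inspect` output: the tag must be signed,
    and every signer in required_signers must have signed it."""
    entries = json.loads(trust_json)
    repo_entry = next((e for e in entries if e.get("Name") == repo), None)
    if repo_entry is None:
        return {"ok": False, "reason": "no trust data for repository"}
    signed = next((t for t in repo_entry.get("SignedTags", [])
                   if t.get("SignedTag") == tag), None)
    if signed is None:
        return {"ok": False, "reason": f"tag {tag!r} is not signed"}
    missing = set(required_signers) - set(signed.get("Signers", []))
    if missing:
        return {"ok": False, "reason": f"missing required signers: {sorted(missing)}"}
    # Pin the returned digest in deployment manifests rather than the mutable tag.
    return {"ok": True, "digest": signed["Digest"], "signers": list(signed["Signers"])}
```

Run `check_tag(SAMPLE_TRUST_DATA, "myrepo/myimage", "latest", {"release-bot"})` to see the verdict for a tag signed by the expected release signer; substitute real `docker trust inspect` output for the constructed sample in practice.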