Verify enable content trust per-shell or per-invocation check
chris-rock opened this issue · comments
Christoph Hartmann commented
In PR #43 we added new controls for 1.13 Not all have an automatic test: https://github.com/dev-sec/cis-docker-benchmark/pull/43/files/85b55d19fb0c152cf2df6df90e419f06614be9c1#diff-157b69b578cf12843b1a4586db95e71aR61
@grdnrio proposed to do the following:
## Enable and disable content trust per-shell or per-invocation
In a shell, you can enable content trust by setting the DOCKER_CONTENT_TRUST environment variable. Enabling per-shell is useful because you can have one shell configured for trusted operations and another terminal shell for untrusted operations. You can also add this declaration to your shell profile to have it turned on always by default.
To enable content trust in a bash shell enter the following command:
export DOCKER_CONTENT_TRUST=1