From eb68c3d408c79edb4a8ea7e6efdf736c077eb7d4 Mon Sep 17 00:00:00 2001 From: ollypom Date: Fri, 8 Mar 2019 16:11:02 +0000 Subject: [PATCH] Added Docker Pull to the content trust verification process --- engine/security/trust/content_trust.md | 1 + 1 file changed, 1 insertion(+) diff --git a/engine/security/trust/content_trust.md b/engine/security/trust/content_trust.md index fd82810f1f..9766c6fa91 100644 --- a/engine/security/trust/content_trust.md +++ b/engine/security/trust/content_trust.md @@ -230,6 +230,7 @@ trusted sources, with repositories and tags signed with the commands [above](#si Engine Signature Verification prevents the following: * `$ docker container run` of an unsigned image. +* `$ docker pull` of an unsigned image. * `$ docker build` where the `FROM` image is not signed or is not scratch. DCT does not verify that a running container’s filesystem has not been altered