Commit
Dockerfile: mitigate certain supply chain attacks using sha256sums
Currently, the Dockerfile downloads various tools and SDKs from external sources without verifying their integrity. This poses a potential security risk as the downloaded files could be tampered with during transit or at the source (supply chain attack).

This change introduces SHA256 checksums for all downloaded artifacts and verifies them before installation. This ensures that the files we receive match exactly what we expect, mitigating the risk of supply chain attacks where malicious actors might try to inject compromised versions of these tools.

Signed-off-by: Petr Štetiar <[email protected]>
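
The check described in the commit message, as an added shell example that is not taken from the commit or the project. The function name `verify_sha256`, its arguments and its return codes are hypothetical, and a `sha256sum` binary (GNU coreutils or BusyBox) is assumed to be in the build image.

```shell
#!/bin/sh
# Added example: fail-closed digest check for a downloaded build artifact.
# verify_sha256 is a hypothetical helper, not code from the commit.
#
# Intended use in a Dockerfile RUN step (after the download, before unpacking):
#   verify_sha256 "$archive" "$PINNED_DIGEST" || exit 1

# verify_sha256 FILE EXPECTED_HEX
#   0  FILE hashes to EXPECTED_HEX
#   1  digest mismatch (FILE is deleted)
#   2  unusable input: malformed pin or missing file (FILE is deleted if present)
verify_sha256() {
    file=$1
    # Normalise case so an upper-case pin compares equal to sha256sum output.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # A truncated or empty pin must never degrade into a skipped check.
    case $expected in
        ''|*[!0-9a-f]*) expected='' ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "verify_sha256: pin is not 64 hex characters" >&2
        rm -f -- "$file"
        return 2
    fi
    if [ ! -f "$file" ]; then
        echo "verify_sha256: missing file: $file" >&2
        return 2
    fi

    # Hash from stdin so the file name never enters sha256sum's output parsing.
    actual=$(sha256sum < "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi

    echo "verify_sha256: mismatch for $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    # Remove the artifact so no later layer can install it by accident.
    rm -f -- "$file"
    return 1
}
```

The pinned digest protects only if it is committed alongside the Dockerfile; a checksum fetched from the same server as the artifact changes together with a tampered file.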