fix: secure git clones by removing insecure sslverify flag (#74) #75
Reference in New Issue
Block a user
No description provided.
Delete Branch "ci/secure-cloning"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
What this PR will do
(enables proper TLS verification, closes MITM risk).
Why this matters
Disabling TLS certificate verification allowed potential man-in-the-middle attacks during dependency fetching, creating a supply-chain risk.
Explicitly installing ca-certificates ensures the system trust store is present and populated, so Git can verify HTTPS connections using default settings — even on minimal base images.
Resolves #74
Approved — Removes insecure sslverify=false flag and adds ca-certificates for proper SSL verification.