Prisma Cloud Checks fails for secret store CSI driver Daemonset

[mustaFAB53]

Describe the solution you'd like
On running Prisma Cloud Scan, we could see following checks getting failed for secret-store-csi-driver daeomonset

• Mount container's root filesystem as read only
• Do not disable default seccomp profile
• Restrict container from acquiring additional privileges
• Do not set mount propagation mode to shared
• Container is running as root
• Do not use privileged containers
• Verify AppArmor profile, if applicable

Does all these failures needs to be added in exceptions considering functional requirements of secret store CSI driver or are there any chances we can resolve few of them.

Environment:

• Secrets Store CSI Driver version: v1.4.6 (driver:v1.4.0, csi-node-driver-registrar:v2.8.0, livenessprobe:v2.10.0)
• Kubernetes version: v1.29

[mustaFAB53]

Hi Team
Any updates / comments on this ?

[mustaFAB53]

@aramase any idea on this ?

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale