Security Vulnerabilities reported in Grafana container

[kalpesh6331]

Description

We are using Grafana in our application for visualizing data from Prometheus As part of our CIS standards, we have run Prisma Cloud container security scan which has reported following vulnerabilities

We would like to know if these can be fixed or already fixed in any future releases If it is fixed via configuration (changes in helm values), would it affect any functionality or working of Grafana? Please note that it is a self baked helm chart we are using to deploy Grafana

Vulnerabilities:

• Mount container's root filesystem as read only
• Do not disable default seccomp profile
• Restrict container from acquiring additional privileges
• Use PIDs cgroup limit
• Secrets in clear text environment variables
• Limit memory usage for container
• Container is running as root

Specifications

Grafana image Version: 9.1.8 Kubernetes Version: 1.23

[kalpesh6331]

Could anyone please update on this?