Prisma Cloud Checks fails for secret store CSI driver Daemonset

[mustaFAB53]

Describe the solution you'd like On running Prisma Cloud Scan, we could see following checks getting failed for secret-store-csi-driver daeomonset

• Mount container's root filesystem as read only
• Do not disable default seccomp profile
• Restrict container from acquiring additional privileges
• Do not set mount propagation mode to shared
• Container is running as root
• Do not use privileged containers
• Verify AppArmor profile, if applicable

Does all these failures needs to be added in exceptions considering functional requirements of secret store CSI driver or are there any chances we can resolve few of them.

Environment:

• Secrets Store CSI Driver version: v1.4.6 (driver:v1.4.0, csi-node-driver-registrar:v2.8.0, livenessprobe:v2.10.0)
• Kubernetes version: v1.29

[mustaFAB53]

Hi Team Any updates / comments on this ?