Add Prowler mutelist and fix kube-state-metrics seccomp
Add mutelist files to suppress expected/accepted Prowler findings:
- apiserver: minikube control plane flags (12 checks)
- control-plane: scheduler, controller-manager, kubelet (3 checks)
- core-pod-security: system pods, operator-managed, expected ops (7 checks)
- rbac: built-in K8s roles, ArgoCD, CNPG (3 checks)

Mutelist files are stored individually in mutelist/ for maintainability and merged at runtime via an initContainer before the scan runs. Muted findings appear as status=MUTED in reports (not hidden).

Also adds missing seccomp RuntimeDefault profile to kube-state-metrics.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
parent 1e391f96bb
commit 0b68d48eba
8 changed files with 240 additions and 0 deletions
docs/changelog.d/prowler-mutelist.infra.md
@ -0,0 +1 @@
Add Prowler mutelist to suppress expected findings from system components, operator-managed pods, and accepted operational needs. Fix missing seccomp profile on kube-state-metrics.
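Review bot: The added changelog line (+1) says the mutelist will "suppress" findings, while the commit message states that muted findings still appear in reports as status=MUTED and are not hidden; use "mute" or say so explicitly, so a reader of the changelog does not assume these findings disappear from reports. The same line also folds the kube-state-metrics seccomp fix into the mutelist entry; a separate changelog fragment would make that hardening change easier to find. "Accepted operational needs" gives no pointer to where each acceptance is justified, so consider referencing the per-area files under mutelist/.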