Add Prowler mutelist and fix kube-state-metrics seccomp #319

Merged
eblume merged 1 commit from prowler-mutelist into main 2026-03-30 17:22:32 -07:00

1 commit

Author SHA1 Message Date
0b68d48eba Add Prowler mutelist and fix kube-state-metrics seccomp
Add mutelist files to suppress expected/accepted Prowler findings:
- apiserver: minikube control plane flags (12 checks)
- control-plane: scheduler, controller-manager, kubelet (3 checks)
- core-pod-security: system pods, operator-managed, expected ops (7 checks)
- rbac: built-in K8s roles, ArgoCD, CNPG (3 checks)

Mutelist files are stored individually in mutelist/ for maintainability
and merged at runtime via an initContainer before the scan runs.
Muted findings appear as status=MUTED in reports (not hidden).

Also adds missing seccomp RuntimeDefault profile to kube-state-metrics.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 17:00:24 -07:00
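One way the runtime merge described in the commit message could be done, shown as an added example and not the script from this PR. It assumes each file in mutelist/ follows Prowler's `Mutelist` → `Accounts` → `Checks` layout and has a `.yaml` extension; `merge_mutelists`, `unscoped_rules`, and the check and resource names in the sample are constructed for illustration.

```python
import copy, pathlib, sys

WILDCARDS = {"*", ".*"}

# Constructed sample: two per-topic files as they would look after YAML parsing.
SAMPLE_DOCS = [
    ("apiserver.yaml", {"Mutelist": {"Accounts": {"*": {"Checks": {
        "constructed_check_a": {"Regions": ["kube-system"], "Resources": ["constructed-pod"]}}}}}}),
    ("rbac.yaml", {"Mutelist": {"Accounts": {"*": {"Checks": {
        "constructed_check_b": {"Regions": ["*"], "Resources": ["*"]}}}}}}),
]

def merge_mutelists(docs):
    """Merge (source_name, parsed_doc) pairs into one mutelist document.

    A check listed twice for one account is rejected rather than unioned:
    combining two rules' Regions/Resources lists would mute pairings that
    neither file asked for.
    """
    accounts, origin = {}, {}
    for name, doc in docs:
        top = doc.get("Mutelist") if isinstance(doc, dict) else None
        src = top.get("Accounts") if isinstance(top, dict) else None
        if not isinstance(src, dict):
            raise ValueError(f"{name}: no Mutelist.Accounts mapping")
        for account, body in src.items():
            checks = accounts.setdefault(account, {"Checks": {}})["Checks"]
            for check, rule in ((body or {}).get("Checks") or {}).items():
                if (account, check) in origin:
                    raise ValueError(f"{check} ({account}): in {origin[account, check]} and {name}")
                origin[account, check] = name
                checks[check] = copy.deepcopy(rule)
    return {"Mutelist": {"Accounts": accounts}}

def unscoped_rules(merged):
    """Return sorted (account, check) pairs muted for every resource everywhere."""
    return sorted(
        (account, check)
        for account, body in merged["Mutelist"]["Accounts"].items()
        for check, rule in body["Checks"].items()
        if WILDCARDS & set((rule or {}).get("Resources") or [])
        and WILDCARDS & set((rule or {}).get("Regions") or []))

if __name__ == "__main__":  # usage: merge.py <mutelist dir> <output file>
    import yaml  # PyYAML; assumed present in the image that runs the merge
    files = sorted(pathlib.Path(sys.argv[1]).glob("*.yaml"))  # extension is an assumption
    merged = merge_mutelists((f.name, yaml.safe_load(f.read_text())) for f in files)
    for account, check in unscoped_rules(merged):
        print(f"warning: {check} is muted for all resources ({account})", file=sys.stderr)
    pathlib.Path(sys.argv[2]).write_text(yaml.safe_dump(merged, sort_keys=False))
```

Failing on a duplicate check makes the initContainer exit non-zero, so the scan does not start with a mutelist broader than the reviewed files.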