How to fix SAST analysis issues reported for falco #787

Open
kristian-kirilov-rg opened this issue Dec 5, 2024 · 9 comments
Labels
kind/feature New feature or request

Comments

@kristian-kirilov-rg

Motivation

Hi there, our company uses checkov to perform SAST analysis for our codebase.
I know some of these things are "by design", but how should we handle the rest?
Please check the logs below.

Feature

Just add the required settings in the YAML manifest ...

Alternatives

or, in case they cannot be remediated, clearly state this in the documentation and provide a detailed guide on how to exclude them from the scanning.

Additional context

I have downloaded the helm chart from the official repository, unpacked the archive, used helm template to show the generated YAML files and scanned them with checkov. Please check here:

helm repo add falcosecurity https://falcosecurity.github.io/charts
helm pull falcosecurity/falco
tar -zxf falco-4.16.0.tgz && cd falco
helm template . > all-falco.yaml
docker run --rm --interactive --tty --entrypoint /bin/sh --volume "$(pwd)":/tf bridgecrew/checkov
cd /tf

Here are all the issues thrown by the checkov engine so far.

root@6a5053301d6a:/tf# checkov -f all-falco.yaml

       _               _
   ___| |__   ___  ___| | _______   __
  / __| '_ \ / _ \/ __| |/ / _ \ \ / /
 | (__| | | |  __/ (__|   < (_) \ V /
  \___|_| |_|\___|\___|_|\_\___/ \_/

By Prisma Cloud | version: 3.2.329

kubernetes scan results:

Passed checks: 78, Failed checks: 26, Skipped checks: 0

Check: CKV_K8S_41: "Ensure that default service accounts are not actively used"
	PASSED for resource: ServiceAccount.default.release-name-falco
	File: /all-falco.yaml:3-14
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-38
Check: CKV_K8S_157: "Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings"
	PASSED for resource: Role.default.release-name-falco
	File: /all-falco.yaml:182-201
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-roles-and-clusterroles-that-grant-permissions-to-bind-rolebindings-or-clusterrolebindings-are-minimized
Check: CKV_K8S_158: "Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles"
	PASSED for resource: Role.default.release-name-falco
	File: /all-falco.yaml:182-201
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-roles-and-clusterroles-that-grant-permissions-to-escalate-roles-or-clusterrole-are-minimized
Check: CKV_K8S_49: "Minimize wildcard use in Roles and ClusterRoles"
	PASSED for resource: Role.default.release-name-falco
	File: /all-falco.yaml:182-201
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-minimized-wildcard-use-in-roles-and-clusterroles
Check: CKV_K8S_42: "Ensure that default service accounts are not actively used"
	PASSED for resource: RoleBinding.default.release-name-falco
	File: /all-falco.yaml:203-221
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-default-service-accounts-are-not-actively-used
Check: CKV_K8S_148: "Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-tls-cert-file-and-tls-private-key-file-arguments-are-set-as-appropriate-for-kubelet
Check: CKV_K8S_75: "Ensure that the --authorization-mode argument includes Node"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-authorization-mode-argument-includes-node
Check: CKV_K8S_25: "Minimize the admission of containers with added capability"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-24
Check: CKV_K8S_72: "Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-kubelet-client-certificate-and-kubelet-client-key-arguments-are-set-as-appropriate
Check: CKV_K8S_70: "Ensure that the --token-auth-file argument is not set"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-token-auth-file-parameter-is-not-set
Check: CKV_K8S_94: "Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-audit-log-maxsize-argument-is-set-to-100-or-as-appropriate
Check: CKV_K8S_17: "Containers should not share the host process ID namespace"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-16
Check: CKV_K8S_102: "Ensure that the --etcd-cafile argument is set as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-etcd-cafile-argument-is-set-as-appropriate-1
Check: CKV_K8S_71: "Ensure that the --kubelet-https argument is set to true"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-kubelet-https-argument-is-set-to-true
Check: CKV_K8S_96: "Ensure that the --service-account-lookup argument is set to true"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-service-account-lookup-argument-is-set-to-true
Check: CKV_K8S_33: "Ensure the Kubernetes dashboard is not deployed"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-31
Check: CKV_K8S_92: "Ensure that the --audit-log-maxage argument is set to 30 or as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-audit-log-maxage-argument-is-set-to-30-or-as-appropriate
Check: CKV_K8S_68: "Ensure that the --anonymous-auth argument is set to false"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-anonymous-auth-argument-is-set-to-false-1
Check: CKV_K8S_26: "Do not specify hostPort unless absolutely necessary"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-25
Check: CKV_K8S_143: "Ensure that the --streaming-connection-idle-timeout argument is not set to 0"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-streaming-connection-idle-timeout-argument-is-not-set-to-0
Check: CKV_K8S_85: "Ensure that the admission control plugin NodeRestriction is set"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-noderestriction-is-set
Check: CKV_K8S_84: "Ensure that the admission control plugin PodSecurityPolicy is set"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-podsecuritypolicy-is-set
Check: CKV_K8S_86: "Ensure that the --insecure-bind-address argument is not set"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-insecure-bind-address-argument-is-not-set
Check: CKV_K8S_18: "Containers should not share the host IPC namespace"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-17
Check: CKV_K8S_159: "Limit the use of git-sync to prevent code injection"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
Check: CKV_K8S_141: "Ensure that the --read-only-port argument is set to 0"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-read-only-port-argument-is-set-to-0
Check: CKV_K8S_27: "Do not expose the docker daemon socket to containers"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-26
Check: CKV_K8S_39: "Do not use the CAP_SYS_ADMIN linux capability"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-36
Check: CKV_K8S_147: "Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-event-qps-argument-is-set-to-0-or-a-level-which-ensures-appropriate-event-capture
Check: CKV_K8S_82: "Ensure that the admission control plugin ServiceAccount is set"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-serviceaccount-is-set
Check: CKV_K8S_149: "Ensure that the --rotate-certificates argument is not set to false"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-rotate-certificates-argument-is-not-set-to-false
Check: CKV_K8S_81: "Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-securitycontextdeny-is-set-if-podsecuritypolicy-is-not-used
Check: CKV_K8S_105: "Ensure that the API Server only makes use of Strong Cryptographic Ciphers"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-api-server-only-makes-use-of-strong-cryptographic-ciphers
Check: CKV_K8S_35: "Prefer using secrets as files over secrets as environment variables"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-33
Check: CKV_K8S_114: "Ensure that the --profiling argument is set to false"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-profiling-argument-is-set-to-false-1
Check: CKV_K8S_112: "Ensure that the RotateKubeletServerCertificate argument is set to true"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-rotatekubeletservercertificate-argument-is-set-to-true-for-controller-manager
Check: CKV_K8S_95: "Ensure that the --request-timeout argument is set as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-request-timeout-argument-is-set-as-appropriate
Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13
Check: CKV_K8S_89: "Ensure that the --secure-port argument is not set to 0"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-secure-port-argument-is-not-set-to-0
Check: CKV_K8S_107: "Ensure that the --profiling argument is set to false"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-profiling-argument-is-set-to-false
Check: CKV_K8S_80: "Ensure that the admission control plugin AlwaysPullImages is set"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-alwayspullimages-is-set
Check: CKV_K8S_34: "Ensure that Tiller (Helm v2) is not deployed"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-32
Check: CKV_K8S_97: "Ensure that the --service-account-key-file argument is set as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-service-account-key-file-argument-is-set-as-appropriate
Check: CKV_K8S_88: "Ensure that the --insecure-port argument is set to 0"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-insecure-port-argument-is-set-to-0
Check: CKV_K8S_93: "Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-audit-log-maxbackup-argument-is-set-to-10-or-as-appropriate
Check: CKV_K8S_118: "Ensure that the --auto-tls argument is not set to true"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-auto-tls-argument-is-not-set-to-true
Check: CKV_K8S_111: "Ensure that the --root-ca-file argument is set as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-root-ca-file-argument-is-set-as-appropriate
Check: CKV_K8S_106: "Ensure that the --terminated-pod-gc-threshold argument is set as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-terminated-pod-gc-threshold-argument-is-set-as-appropriate
Check: CKV_K8S_91: "Ensure that the --audit-log-path argument is set"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-audit-log-path-argument-is-set
Check: CKV_K8S_69: "Ensure that the --basic-auth-file argument is not set"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-basic-auth-file-argument-is-not-set
Check: CKV_K8S_108: "Ensure that the --use-service-account-credentials argument is set to true"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-use-service-account-credentials-argument-is-set-to-true
Check: CKV_K8S_144: "Ensure that the --protect-kernel-defaults argument is set to true"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-protect-kernel-defaults-argument-is-set-to-true
Check: CKV_K8S_151: "Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-kubelet-only-makes-use-of-strong-cryptographic-ciphers
Check: CKV_K8S_115: "Ensure that the --bind-address argument is set to 127.0.0.1"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-bind-address-argument-is-set-to-127001-1
Check: CKV_K8S_83: "Ensure that the admission control plugin NamespaceLifecycle is set"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-namespacelifecycle-is-set
Check: CKV_K8S_119: "Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-peer-cert-file-and-peer-key-file-arguments-are-set-as-appropriate
Check: CKV_K8S_100: "Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-tls-cert-file-and-tls-private-key-file-arguments-are-set-as-appropriate
Check: CKV_K8S_104: "Ensure that encryption providers are appropriately configured"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-etcd-cafile-argument-is-set-as-appropriate
Check: CKV_K8S_77: "Ensure that the --authorization-mode argument includes RBAC"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-authorization-mode-argument-includes-rbac
Check: CKV_K8S_99: "Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-etcd-certfile-and-etcd-keyfile-arguments-are-set-as-appropriate
Check: CKV_K8S_110: "Ensure that the --service-account-private-key-file argument is set as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-service-account-private-key-file-argument-is-set-as-appropriate
Check: CKV_K8S_19: "Containers should not share the host network namespace"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-18
Check: CKV_K8S_74: "Ensure that the --authorization-mode argument is not set to AlwaysAllow"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-authorization-mode-argument-is-not-set-to-alwaysallow-1
Check: CKV_K8S_90: "Ensure that the --profiling argument is set to false"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-profiling-argument-is-set-to-false-2
Check: CKV_K8S_146: "Ensure that the --hostname-override argument is not set"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-hostname-override-argument-is-not-set
Check: CKV_K8S_117: "Ensure that the --client-cert-auth argument is set to true"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-client-cert-auth-argument-is-set-to-true
Check: CKV_K8S_139: "Ensure that the --authorization-mode argument is not set to AlwaysAllow"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-authorization-mode-argument-is-not-set-to-alwaysallow
Check: CKV_K8S_145: "Ensure that the --make-iptables-util-chains argument is set to true"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-make-iptables-util-chains-argument-is-set-to-true
Check: CKV_K8S_138: "Ensure that the --anonymous-auth argument is set to false"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-anonymous-auth-argument-is-set-to-false
Check: CKV_K8S_113: "Ensure that the --bind-address argument is set to 127.0.0.1"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-bind-address-argument-is-set-to-127001
Check: CKV_K8S_73: "Ensure that the --kubelet-certificate-authority argument is set as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-kubelet-certificate-authority-argument-is-set-as-appropriate
Check: CKV_K8S_79: "Ensure that the admission control plugin AlwaysAdmit is not set"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-alwaysadmit-is-not-set
Check: CKV_K8S_116: "Ensure that the --cert-file and --key-file arguments are set as appropriate"
	PASSED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-cert-file-and-key-file-arguments-are-set-as-appropriate
Check: CKV2_K8S_2: "Granting `create` permissions to `nodes/proxy` or `pods/exec` sub resources allows potential privilege escalation"
	PASSED for resource: RoleBinding.default.release-name-falco
	File: /all-falco.yaml:203-221
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/granting-create-permissions-to-nodesproxy-or-podsexec-sub-resources-allows-potential-privilege-escalation
Check: CKV2_K8S_5: "No ServiceAccount/Node should be able to read all secrets"
	PASSED for resource: RoleBinding.default.release-name-falco
	File: /all-falco.yaml:203-221
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/no-serviceaccountnode-should-be-able-to-read-all-secrets
Check: CKV2_K8S_3: "No ServiceAccount/Node should have `impersonate` permissions for groups/users/service-accounts"
	PASSED for resource: RoleBinding.default.release-name-falco
	File: /all-falco.yaml:203-221
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/no-serviceaccountnode-should-have-impersonate-permissions-for-groupsusersservice-accounts
Check: CKV2_K8S_4: "ServiceAccounts and nodes that can modify services/status may set the `status.loadBalancer.ingress.ip` field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster."
	PASSED for resource: RoleBinding.default.release-name-falco
	File: /all-falco.yaml:203-221
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/serviceaccounts-and-nodes-potentially-exposed-to-cve-2020-8554
Check: CKV2_K8S_1: "RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding"
	PASSED for resource: RoleBinding.default.release-name-falco
	File: /all-falco.yaml:203-221
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/rolebinding-should-not-allow-privilege-escalation-to-a-serviceaccount-or-node-on-other-rolebinding
Check: CKV_K8S_21: "The default namespace should not be used"
	FAILED for resource: ServiceAccount.default.release-name-falco
	File: /all-falco.yaml:3-14
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20

		3  | apiVersion: v1
		4  | kind: ServiceAccount
		5  | metadata:
		6  |   name: release-name-falco
		7  |   namespace: default
		8  |   labels:
		9  |     helm.sh/chart: falco-4.16.0
		10 |     app.kubernetes.io/name: falco
		11 |     app.kubernetes.io/instance: release-name
		12 |     app.kubernetes.io/version: "0.39.2"
		13 |     app.kubernetes.io/managed-by: Helm
		14 | ---

Check: CKV_K8S_21: "The default namespace should not be used"
	FAILED for resource: ConfigMap.default.release-name-falco
	File: /all-falco.yaml:16-145
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_21: "The default namespace should not be used"
	FAILED for resource: ConfigMap.default.release-name-falco-falcoctl
	File: /all-falco.yaml:147-180
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20

		147 | apiVersion: v1
		148 | kind: ConfigMap
		149 | metadata:
		150 |   name: release-name-falco-falcoctl
		151 |   namespace: default
		152 |   labels:
		153 |     helm.sh/chart: falco-4.16.0
		154 |     app.kubernetes.io/name: falco
		155 |     app.kubernetes.io/instance: release-name
		156 |     app.kubernetes.io/version: "0.39.2"
		157 |     app.kubernetes.io/managed-by: Helm
		158 | data:
		159 |   falcoctl.yaml: |-
		160 |     artifact:
		161 |       allowedTypes:
		162 |       - rulesfile
		163 |       - plugin
		164 |       follow:
		165 |         every: 6h
		166 |         falcoversions: http://localhost:8765/versions
		167 |         pluginsDir: /plugins
		168 |         refs:
		169 |         - falco-rules:3
		170 |         rulesfilesDir: /rulesfiles
		171 |       install:
		172 |         pluginsDir: /plugins
		173 |         refs:
		174 |         - falco-rules:3
		175 |         resolveDeps: true
		176 |         rulesfilesDir: /rulesfiles
		177 |     indexes:
		178 |     - name: falcosecurity
		179 |       url: https://falcosecurity.github.io/falcoctl/index.yaml
		180 | ---

Check: CKV_K8S_21: "The default namespace should not be used"
	FAILED for resource: Role.default.release-name-falco
	File: /all-falco.yaml:182-201
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20

		182 | kind: Role
		183 | apiVersion: rbac.authorization.k8s.io/v1
		184 | metadata:
		185 |   name: release-name-falco
		186 |   labels:
		187 |     helm.sh/chart: falco-4.16.0
		188 |     app.kubernetes.io/name: falco
		189 |     app.kubernetes.io/instance: release-name
		190 |     app.kubernetes.io/version: "0.39.2"
		191 |     app.kubernetes.io/managed-by: Helm
		192 | rules:
		193 |   - apiGroups:
		194 |       - ""
		195 |     resources:
		196 |       - configmaps
		197 |     verbs:
		198 |       - get
		199 |       - list
		200 |       - update
		201 | ---

Check: CKV_K8S_21: "The default namespace should not be used"
	FAILED for resource: RoleBinding.default.release-name-falco
	File: /all-falco.yaml:203-221
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20

		203 | kind: RoleBinding
		204 | apiVersion: rbac.authorization.k8s.io/v1
		205 | metadata:
		206 |   name: release-name-falco
		207 |   labels:
		208 |     helm.sh/chart: falco-4.16.0
		209 |     app.kubernetes.io/name: falco
		210 |     app.kubernetes.io/instance: release-name
		211 |     app.kubernetes.io/version: "0.39.2"
		212 |     app.kubernetes.io/managed-by: Helm
		213 | subjects:
		214 |   - kind: ServiceAccount
		215 |     name: release-name-falco
		216 |     namespace: default
		217 | roleRef:
		218 |   kind: Role
		219 |   name: release-name-falco
		220 |   apiGroup: rbac.authorization.k8s.io
		221 | ---

Check: CKV_K8S_11: "CPU limits should be set"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-10

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_8: "Liveness Probe Should be Configured"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-7

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_9: "Readiness Probe Should be Configured"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-8

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_23: "Minimize the admission of root containers"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_12: "Memory requests should be set"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-11

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_10: "CPU requests should be set"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-9

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_21: "The default namespace should not be used"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_16: "Container should not be privileged"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-15

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_13: "Memory limits should be set"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-12

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_30: "Apply security context to your containers"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_22: "Use read-only filesystem for containers where possible"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_15: "Image Pull Policy should be Always"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-14

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_43: "Image should use digest"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_K8S_29: "Apply security context to your pods and containers"
	FAILED for resource: DaemonSet.default.release-name-falco
	File: /all-falco.yaml:223-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_K8S_6: "Minimize the admission of pods which lack an associated NetworkPolicy"
	FAILED for resource: Pod.default.release-name-falco
	File: /all-falco.yaml:223-452

		Code lines for this resource are too many. Please use IDE of your choice to review the file.

root@6a5053301d6a:/tf#
@kristian-kirilov-rg kristian-kirilov-rg added the kind/feature New feature or request label Dec 5, 2024
@Issif
Member

Issif commented Dec 5, 2024

Hi @kristian-kirilov-rg,

As your issue concerns the Helm chart and not directly falco's source code, can you recreate this issue in https://github.com/falcosecurity/charts, please.

We'll take care of the failed checks with @alacuku and maybe even verify the other charts at the same time.

@kristian-kirilov-rg
Author

Great, thanks.
Will do it.

@sgaist

sgaist commented Dec 5, 2024

@Issif wouldn't it be simpler to transfer this issue?
Just in case, I tried, but I may not have sufficient permissions to do that.

@Issif
Member

Issif commented Dec 5, 2024

@Issif wouldn't it be simpler to transfer this issue? Just in case, I tried, but I may not have sufficient permissions to do that.

I can't either, let me see with the other maintainers.

@alacuku
Member

alacuku commented Dec 5, 2024

Hey @kristian-kirilov-rg ,

You are running the checkov tool on the default values. For example, all the messages regarding the default namespace would disappear if you changed it.
My suggestion is to configure Falco for your use case and then generate the manifests using the helm template command.

@LucaGuerra LucaGuerra transferred this issue from falcosecurity/falco Dec 5, 2024
@LucaGuerra
Contributor

Transferred this to the charts repo.

@kristian-kirilov-rg
Author

kristian-kirilov-rg commented Dec 6, 2024

Hey @kristian-kirilov-rg ,

You are running the checkov tool on the default values. For example, all the messages regarding the default namespace would disappear if you changed it. My suggestion is to configure Falco for your use case and then generate the manifests using the helm template command.

I'm not sure what you are speaking about. We check the Kubernetes template; there is nothing related to the namespace.
The moment somebody from our team uploads such files into our git repository, all the files will be checked by checkov, and then the issue will arise again.

@alacuku
Member

alacuku commented Dec 10, 2024

Check: CKV_K8S_21: "The default namespace should not be used"
FAILED for resource: ServiceAccount.default.release-name-falco
File: /all-falco.yaml:3-14
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20

  3  | apiVersion: v1
  4  | kind: ServiceAccount
  5  | metadata:
  6  |   name: release-name-falco
  7  |   namespace: default
  8  |   labels:
  9  |     helm.sh/chart: falco-4.16.0
  10 |     app.kubernetes.io/name: falco
  11 |     app.kubernetes.io/instance: release-name
  12 |     app.kubernetes.io/version: "0.39.2"
  13 |     app.kubernetes.io/managed-by: Helm
  14 | ---

Check: CKV_K8S_21: "The default namespace should not be used"
FAILED for resource: ConfigMap.default.release-name-falco
File: /all-falco.yaml:16-145
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20

  Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_K8S_21: "The default namespace should not be used"
FAILED for resource: ConfigMap.default.release-name-falco-falcoctl
File: /all-falco.yaml:147-180
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20

  147 | apiVersion: v1
  148 | kind: ConfigMap
  149 | metadata:
  150 |   name: release-name-falco-falcoctl
  151 |   namespace: default
  152 |   labels:
  153 |     helm.sh/chart: falco-4.16.0
  154 |     app.kubernetes.io/name: falco
  155 |     app.kubernetes.io/instance: release-name
  156 |     app.kubernetes.io/version: "0.39.2"
  157 |     app.kubernetes.io/managed-by: Helm
  158 | data:
  159 |   falcoctl.yaml: |-
  160 |     artifact:
  161 |       allowedTypes:
  162 |       - rulesfile
  163 |       - plugin
  164 |       follow:
  165 |         every: 6h
  166 |         falcoversions: http://localhost:8765/versions
  167 |         pluginsDir: /plugins
  168 |         refs:
  169 |         - falco-rules:3
  170 |         rulesfilesDir: /rulesfiles
  171 |       install:
  172 |         pluginsDir: /plugins
  173 |         refs:
  174 |         - falco-rules:3
  175 |         resolveDeps: true
  176 |         rulesfilesDir: /rulesfiles
  177 |     indexes:
  178 |     - name: falcosecurity
  179 |       url: https://falcosecurity.github.io/falcoctl/index.yaml
  180 | ---

Check: CKV_K8S_21: "The default namespace should not be used"
FAILED for resource: Role.default.release-name-falco
File: /all-falco.yaml:182-201
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20

  182 | kind: Role
  183 | apiVersion: rbac.authorization.k8s.io/v1
  184 | metadata:
  185 |   name: release-name-falco
  186 |   labels:
  187 |     helm.sh/chart: falco-4.16.0
  188 |     app.kubernetes.io/name: falco
  189 |     app.kubernetes.io/instance: release-name
  190 |     app.kubernetes.io/version: "0.39.2"
  191 |     app.kubernetes.io/managed-by: Helm
  192 | rules:
  193 |   - apiGroups:
  194 |       - ""
  195 |     resources:
  196 |       - configmaps
  197 |     verbs:
  198 |       - get
  199 |       - list
  200 |       - update
  201 | ---

Check: CKV_K8S_21: "The default namespace should not be used"
FAILED for resource: RoleBinding.default.release-name-falco
File: /all-falco.yaml:203-221
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20

  203 | kind: RoleBinding
  204 | apiVersion: rbac.authorization.k8s.io/v1
  205 | metadata:
  206 |   name: release-name-falco
  207 |   labels:
  208 |     helm.sh/chart: falco-4.16.0
  209 |     app.kubernetes.io/name: falco
  210 |     app.kubernetes.io/instance: release-name
  211 |     app.kubernetes.io/version: "0.39.2"
  212 |     app.kubernetes.io/managed-by: Helm
  213 | subjects:
  214 |   - kind: ServiceAccount
  215 |     name: release-name-falco
  216 |     namespace: default
  217 | roleRef:
  218 |   kind: Role
  219 |   name: release-name-falco
  220 |   apiGroup: rbac.authorization.k8s.io
  221 | ---

That's what I'm talking about. The messages clearly refer to resources using the default namespace.

@kristian-kirilov-rg
Author

I see, no worries, we can exclude these. But the list I showed you above is quite big :-)
So how should we deal with the rest?
