From a512de6e09495ed469efc2da509550cd67cb3d16 Mon Sep 17 00:00:00 2001
From: Sergey Kanzhelev <S.Kanzhelev@live.com>
Date: Tue, 27 May 2025 21:48:18 +0000
Subject: [PATCH] Clarified the token scope and future plans for the next
 security scan to refer to it

---
 test/e2e_node/runtime_conformance_test.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/test/e2e_node/runtime_conformance_test.go b/test/e2e_node/runtime_conformance_test.go
index 0aa256d4003..e7588ddd2a1 100644
--- a/test/e2e_node/runtime_conformance_test.go
+++ b/test/e2e_node/runtime_conformance_test.go
@@ -41,7 +41,12 @@ var _ = SIGDescribe("Container Runtime Conformance Test", func() {
 	ginkgo.Describe("container runtime conformance blackbox test", func() {
 
 		ginkgo.Context("when running a container with a new image", func() {
-			// The service account only has pull permission
+			// For the future security scans:
+			// The service account only has pull permission.
+			// The container repo is only made private to test private container pulling.
+			// All container images in the repo are public container images
+			// TODO: The long term plan is to come up with the alternative solution to test it:
+			// https://github.com/kubernetes/kubernetes/issues/130271
 			auth := `
 {
 	"auths": {