diff --git a/docs/security.md b/docs/security.md
index 0de52547bb116d88b7ea5fbf0e4f605a66118a07..e881a8bcbe7eff6de31eb1d70b6ecc7cf9ac76c7 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -9,3 +9,16 @@ While we aim for best practices in terms of security by default, due to the natu
 * Host Port is set. https://hub.armo.cloud/docs/c-0044 is not relevant since node-exporter is considered as a core platform component running as a DaemonSet.
 * Host PID is set to `true`, since node-exporter requires direct access to the host namespace to gather statistics.
 * Host Network is set to `true`, since node-exporter requires direct access to the host network to gather statistics.
+* `automountServiceAccountToken` is set to `true` on Pod level as kube-rbac-proxy sidecar requires connection to kubernetes API server.
+
+#### prometheus-adapter
+* `automountServiceAccountToken` is set to `true` on Pod level as application requires connection to kubernetes API server.
+
+#### blackbox-exporter
+* `automountServiceAccountToken` is set to `true` on Pod level as kube-rbac-proxy sidecar requires connection to kubernetes API server.
+
+#### kube-state-metrics
+* `automountServiceAccountToken` is set to `true` on Pod level as kube-rbac-proxy sidecars requires connection to kubernetes API server.
+
+#### prometheus-operator
+* `automountServiceAccountToken` is set to `true` on Pod level as kube-rbac-proxy sidecars requires connection to kubernetes API server.
diff --git a/kubescape-exceptions.json b/kubescape-exceptions.json
index 11ae81866af5726d0b2de9672ac30fd7c0d2e79f..c260b9f7cfa9042a268e769d0be375d06453815c 100644
--- a/kubescape-exceptions.json
+++ b/kubescape-exceptions.json
@@ -1,4 +1,53 @@
 [
+ {
+ "name": "exclude-automountServiceAccountToken-checks",
+ "policyType": "postureExceptionPolicy",
+ "actions": [
+ "alertOnly"
+ ],
+ "resources": [
+ {
+ "designatorType": "Attributes",
+ "attributes": {
+ "kind": "DaemonSet",
+ "name": "node-exporter"
+ }
+ },
+ {
+ "designatorType": "Attributes",
+ "attributes": {
+ "kind": "Deployment",
+ "name": "blackbox-exporter"
+ }
+ },
+ {
+ "designatorType": "Attributes",
+ "attributes": {
+ "kind": "Deployment",
+ "name": "kube-state-metrics"
+ }
+ },
+ {
+ "designatorType": "Attributes",
+ "attributes": {
+ "kind": "Deployment",
+ "name": "prometheus-adapter"
+ }
+ },
+ {
+ "designatorType": "Attributes",
+ "attributes": {
+ "kind": "Deployment",
+ "name": "prometheus-operator"
+ }
+ }
+ ],
+ "posturePolicies": [
+ {
+ "controlName": "Automatic mapping of service account"
+ }
+ ]
+ },
 {
 "name": "exclude-node-exporter-host-access-checks",
 "policyType": "postureExceptionPolicy",
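Review bot: Each of the five new `attributes` designators matches on `kind` and `name` only, so the alert-only exemption for "Automatic mapping of service account" applies to any Deployment or DaemonSet with one of those names in any namespace, not just the monitoring-stack workloads that docs/security.md justifies. Kubescape attribute designators also accept a `namespace` key; adding `"namespace": "<monitoring-namespace>"` (placeholder) to each entry keeps the exception scoped to the objects whose token mounting has actually been reviewed. It would also help a later auditor if the JSON entry pointed back to the rationale, for instance by extending the `name` to reference the docs section, since the file itself cannot carry comments.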