here are some Red Hat operator best practices that need to be followed:
https://docs.google.com/spreadsheets/d/17jUhPlolgvsPrSkkpNP1DTJ4jOTk9UGNd24veSUZu50/edit

Most are optional so let's focus on just the required ones and then create Jira issues for any optional best practices we may want to implement.

Here is the list of required best practice:

• Checks the security context runAsNonRoot parameter in pods and containers to make sure it is not set to false. Pods and containers should not be able to run as root..
• Checks whether the operator needs access to Security Context Constraints. Test passes if clusterPermissions is not present in the CSV manifest or is present with no RBAC rules related to SCCs.
• Tests whether the workload Operators listed in the configuration file have passed the Red Hat Operator Certification Program (OCP).