In Compliance Operator Documentation title we provide following insight to prevent customer to eventually have multiple instances/scans on the same host when it comes to deal with schedulable/worker labeled ctlplane nodes (i.e. compact clusters)

For all-in-one control plane and worker nodes, the compliance scan runs twice on the worker and control plane nodes. The compliance scan might generate inconsistent scan results. You can avoid inconsistent results by defining only a single role in the ScanSetting object. 

However, the File Integrity Operator documentation currently misses a similar suggestion. This might lead to sub-optimal deployments customer side, for example creating both master-fileintegrity (selector: master role) and worker-fileintegrity (selector: worker role) CRs on clusters where ctlplane nodes are labeled as workers.