Sonobuoy was always designed to facilitate third-party plugins in order to accommodate custom testing requirements, and recently, the work on Sonobuoy made some advanced plugins possible to create.
Read more about the first Sonobuoy plugins here.
This plugin utilizes the kube-bench implementation of the CIS security benchmarks. It is technically two plugins; one to run the checks on the master nodes and another to run the checks on the worker nodes.
Gather log information from systemd, by chrooting into the node’s filesystem and running journalctl. Used by Sonobuoy for gathering host logs in a Kubernetes cluster.
This plugin runs Aqua Security’s kube-hunter. It increases awareness and visibility of security issues in Kubernetes environments.
This plugin allows the collection of cluster information, such as workload and operational details, across all namespaces.