Plugins

Sonobuoy has always been designed to support third-party plugins that accommodate custom testing requirements, and recent work on Sonobuoy has made some more advanced plugins possible.

Read more about the first Sonobuoy plugins here.

CIS Benchmarks

This plugin uses the kube-bench implementation of the CIS security benchmarks. It is technically two plugins: one runs the checks on the master nodes and the other runs the checks on the worker nodes.

End-to-End Testing

The Kubernetes end-to-end testing plugin (the e2e plugin) is used to run tests which are maintained by the upstream Kubernetes community in the kubernetes/kubernetes repo.

Systemd-logs

This plugin gathers log information from systemd by chrooting into the node's filesystem and running journalctl. Sonobuoy uses it to gather host logs in a Kubernetes cluster.

Kube-hunter

This plugin runs Aqua Security’s kube-hunter. It increases awareness and visibility of security issues in Kubernetes environments.

Who-can

This plugin uses the kubectl-who-can project from Aqua Security to produce a report that shows which subjects have RBAC permissions to perform actions (verbs) against resources in the cluster.

This plugin is currently being created.

Getting Started

To help you get started, see the documentation.