Sonobuoy has always been designed to support third-party plugins that accommodate custom testing requirements, and recent work on Sonobuoy has made it possible to create some advanced plugins.
Read more about the first Sonobuoy plugins here.
This plugin uses the kube-bench implementation of the CIS security benchmarks. It is technically two plugins: one to run the checks on the master nodes and another to run the checks on the worker nodes.
This plugin runs Aqua Security’s kube-hunter. It increases awareness and visibility of security issues in Kubernetes environments.
This plugin uses the kubectl-who-can project from Aqua Security to produce a report that shows which subjects have RBAC permissions to perform actions (verbs) against resources in the cluster.
This plugin is currently being created.