
CIS Benchmarks

This plugin uses the kube-bench implementation of the CIS security benchmarks. It is technically two plugins: one runs the checks on the master nodes and the other runs the checks on the worker nodes.


To run this plugin, run the following command:

sonobuoy run --plugin --plugin


To run both plugins (with the command above) the following assumptions are made:

  • One or more master nodes (with the label
  • One or more worker nodes (without the master node label)
  • Using Kubernetes 1.13+
  • Sonobuoy 0.16.4 (relies on support for node affinity and the command above expects --plugin to take a URL)

If you want to run only one of the two sets of checks, specify only that plugin rather than both.


Although you can run the plugins by specifying the URL for the YAML in this repository, you can also download the YAML and modify it if you need a custom mount or would like to specify other options to the kube-bench application.
