randled-re / sonobuoy-plugin-bulkhead

Sonobuoy "bulkhead" plugin

This Sonobuoy plugin, bulkhead, performs automated CIS Benchmark assessments against your Kubernetes cluster master and worker nodes using kube-bench, and outputs the results in the native kube-bench JSON format.

NOTE: This plugin was not officially created by either Heptio or Aqua Security. It is also in the very early stages.

Quick usage

  1. Edit the Makefile to use your container registry
  2. Run make && make push to build and push your image
  3. Modify examples/benchmark.yml to change your image location
  4. Run kubectl create -f examples/benchmark.yml to install Sonobuoy with this plugin enabled/running.
  5. When the scan(s) are complete, collect the results: kubectl cp heptio-sonobuoy/sonobuoy:/tmp/sonobuoy ./results --namespace=heptio-sonobuoy
  6. View the results: cd results && tar -zxvf *.tar.gz && cd plugins/bulkhead
  7. Clean up: kubectl delete -f examples/benchmark.yml (This removes all scan data, too)
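
Once the results are extracted in step 6, the kube-bench JSON can be triaged with a short script. The following is an added example, not part of this project: the field names (tests, results, test_number, status, scored, remediation, node_type, and the optional Controls wrapper) are assumed from kube-bench's JSON output and can differ between kube-bench versions, and the sample data is constructed.

```python
import json
from collections import Counter

# Constructed sample; field names assume kube-bench's JSON layout and may
# differ between kube-bench versions.
SAMPLE = """
{"id": "1", "text": "Master Node Security Configuration", "node_type": "master",
 "tests": [
  {"section": "1.1", "desc": "API Server", "results": [
    {"test_number": "1.1.1", "test_desc": "constructed check A",
     "status": "FAIL", "scored": true, "remediation": "constructed fix A"},
    {"test_number": "1.1.2", "test_desc": "constructed check B",
     "status": "PASS", "scored": true, "remediation": ""}]},
  {"section": "1.2", "desc": "Scheduler", "results": [
    {"test_number": "1.2.1", "test_desc": "constructed check C",
     "status": "WARN", "scored": false, "remediation": "constructed fix C"}]}],
 "total_pass": 1, "total_fail": 1, "total_warn": 1}
"""

def controls(doc):
    """Normalize to a list of control sets: a bare object, a list of them,
    or an object wrapping them under "Controls"."""
    if isinstance(doc, dict) and "Controls" in doc:
        doc = doc["Controls"]
    return doc if isinstance(doc, list) else [doc]

def checks(text):
    """Yield (node_type, section, check) for every check in one result file."""
    for ctl in controls(json.loads(text)):
        for group in ctl.get("tests") or []:
            for chk in group.get("results") or []:
                yield ctl.get("node_type", "unknown"), group.get("section", "?"), chk

def summarize(text):
    """Recount statuses from the individual checks, not the total_* fields."""
    return Counter(chk.get("status", "UNKNOWN") for _, _, chk in checks(text))

def findings(text, statuses=("FAIL",), scored_only=True):
    """Checks needing attention, as (node_type, test_number, status, remediation)."""
    out = []
    for node, _, chk in checks(text):
        if chk.get("status") in statuses and (chk.get("scored") or not scored_only):
            out.append((node, chk.get("test_number"), chk.get("status"),
                        chk.get("remediation", "")))
    return sorted(out)

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
    for row in findings(SAMPLE, statuses=("FAIL", "WARN"), scored_only=False):
        print(*row, sep="\t")
```

Pass the contents of each result file under plugins/bulkhead to findings() to list the scored failures per node type.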

TODO

  • Work on a Sonobuoy results parser

About

License: Apache License 2.0


Languages

Dockerfile 35.8%, Shell 32.2%, Makefile 32.0%