Skip to main content

CIS benchmark report

To create a CIS benchmark report, create a GlobalReport with the reportType set to cis-benchmark.

The following sample command uses a GlobalReport to create a daily CIS benchmark report that run on all the nodes.

kubectl apply -f - << EOF
kind: GlobalReport
name: daily-cis-benchmark-report
reportType: cis-benchmark
schedule: 0 0 * * *


While there is no extra setup configuration required by the user to generate a benchmark report for Openshift, the result sets will be different than a report generated for regular Kubernetes clusters. Use the Openshift Container Platform Security Guide to cross-reference the benchmark results.

Downloadable reports


A textual representation of the dashboard.

startTimeThe report interval start time.RFC3339 string
endTimeThe report interval start time.RFC3339 string
typeThe type of benchmark reportstring
hiPercentageThresholdThe percentage of passing tests required to rate a node as highint
medPercentageThresholdThe percentage of passing tests required to rate a node as mediumint
hiNodeCountThe number of nodes rated as highint
medNodeCountThe number of nodes rated as mediumint
lowNodeCountThe number of nodes rated as lowint


A .csv file of test result summaries per node.

nodeThe name of the node.string
versionThe version of the platform.string
statusThe rating of the node based on percentage of tests passing.string
testsPassingThe number of tests
testsFailingThe number of tests
testsUnknownThe number of tests whose results are undetermined due to automation
testsTotalThe total number of tests


A .csv file of tests that have failed.

nodeNameNode where the test is executed.string
testIndexIndex of the test on the Kubernetes CIS benchmark.string
statusTest results: PASS, FAIL, INFO.string
scoredIndicates whether the Kubernetes CIS benchmark counts this test towards their scoring.string


A .csv file with tests that were executed on all nodes. Format remains the same as above.