diff --git a/examples/big-bang/README.md b/examples/big-bang/README.md index d8bb51264d..fff3807b9c 100644 --- a/examples/big-bang/README.md +++ b/examples/big-bang/README.md @@ -21,6 +21,14 @@ Because the same cluster will be running both Traefik and Istio, Istio's Virtual 11. Use a browser to visit the various services, available at https://*.bigbang.dev:9443 12. When you're done, run `make vm-destroy` to bring everything down +## Kubescape scan + +This example adds the `kubescape` binary, which can scan clusters for compliance with the NSA/CISA Kubernetes Hardening Guide + +```shell +kubescape scan framework nsa --use-from /usr/local/bin/kubescape-framework-nsa.json +``` + ## To-Do 1. Re-enable the NetworkPolicies - They got disabled to resolve an issue connecting to the k8s cluster API server, which is fine for a demo but unacceptable in production diff --git a/examples/big-bang/zarf.yaml b/examples/big-bang/zarf.yaml index 375d44559c..335f1a5eaf 100644 --- a/examples/big-bang/zarf.yaml +++ b/examples/big-bang/zarf.yaml @@ -6,6 +6,15 @@ metadata: local: manifests: manifests + files: + - source: https://github.com/armosec/kubescape/releases/download/v1.0.81/kubescape-ubuntu-latest + shasum: a1caf4805f6a0e1e4bf0c0549fea7e822f2b7f8999913f8cfdbcb5316843a443 + target: "/usr/local/bin/kubescape" + executable: true + - source: https://github.com/armosec/regolibrary/releases/download/v1.0.11/nsa + shasum: 52299bd5a2df28b6a6ff9926e09abd0fa5e6c1094f5bb75b036a0452cfc00dfa + target: "/usr/local/bin/kubescape-framework-nsa.json" + images: # Flux images - registry1.dso.mil/ironbank/fluxcd/helm-controller:v0.11.0
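Review bot: In the README.md hunk, the new "Kubescape scan" section sits after step 12 (`make vm-destroy`) and does not say where or when the command is run. The command depends on `/usr/local/bin/kubescape` and `/usr/local/bin/kubescape-framework-nsa.json`, both installed by the zarf.yaml change in this same patch, so the text should state that the scan is run on the machine where the package was deployed, while the cluster is still up (before step 12). It would also help to say that `--use-from` loads the framework from that bundled local file. The introductory sentence is missing its final period.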
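Review bot: In the zarf.yaml hunk, the second `files` entry installs the NSA framework definition, a JSON data file, to `/usr/local/bin/kubescape-framework-nsa.json`, a directory meant for executables. Consider a data location instead (for example under `/usr/local/share/`, as a suggestion) and update the README command to match. Pinning both downloads to a release tag with a `shasum` is the right approach; a short YAML comment above the two entries noting whether the kubescape v1.0.81 binary and the regolibrary v1.0.11 framework need to be bumped together, and that each `shasum` must be refreshed with its URL, would make later version updates safer.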