feat: use CIS EKS 1.5.0 by default

cfg/eks-1.5.0/policies.yaml

@@ -114,8 +114,8 @@ groups:
         text: "Minimize the admission of containers wishing to share the host network namespace (Automated)"
         type: "manual"
         remediation: |
-          Create a PSP as described in the Kubernetes documentation, ensuring that the
+          Add policies to each namespace in the cluster which has user workloads to restrict the
-          .spec.hostNetwork field is omitted or set to false.
+          admission of hostNetwork containers.
         scored: false
 
       - id: 4.2.5

cmd/common_test.go

@@ -460,6 +460,12 @@ func TestValidTargets(t *testing.T) {
 			targets:   []string{"node", "policies", "controlplane", "managedservices"},
 			expected:  true,
 		},
+		{
+			name:      "eks-1.5.0 valid",
+			benchmark: "eks-1.5.0",
+			targets:   []string{"node", "policies", "controlplane", "managedservices"},
+			expected:  true,
+		},
 	}
 
 	for _, c := range cases {

cmd/util.go

@@ -489,7 +489,7 @@ func getPlatformBenchmarkVersion(platform Platform) string {
 	glog.V(3).Infof("getPlatformBenchmarkVersion platform: %s", platform)
 	switch platform.Name {
 	case "eks":
-		return "eks-1.2.0"
+		return "eks-1.5.0"
 	case "gke":
 		switch platform.Version {
 		case "1.15", "1.16", "1.17", "1.18", "1.19":

cmd/util_test.go

@@ -650,7 +650,7 @@ func Test_getPlatformBenchmarkVersion(t *testing.T) {
 			args: args{
 				platform: Platform{Name: "eks"},
 			},
-			want: "eks-1.2.0",
+			want: "eks-1.5.0",
 		},
 		{
 			name: "gke 1.19",