Skip to content

Releases: OWASP/www-project-eks-goat

Initial OWASP EKS Goat Public Release

29 May 06:37
@justmorpheus justmorpheus
v1.0.0
4f985f3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Initial OWASP EKS Goat Public Release Latest
Latest

🔐 OWASP EKS Goat v1.0.0 - Initial Public Release

This release marks the first public version of OWASP EKS Goat — an intentionally vulnerable EKS cluster designed for security testing in AWS cloud environments.

Included Scenarios:

  • Web app to ECR compromise
  • IRSA misconfig exploitation
  • Pod breakout to node
  • CVE-2024-23897 (File Read)
  • ECR image backdooring
  • IMDSv2 credential abuse

Defensive Labs:

  • Kyverno policies
  • Runtime eBPF detection (Tetragon)
  • RBAC and Pod Security Context examples

📘 Docs: https://eksgoat.kubernetesvillage.com

🧾 License: GPL

Assets 2
Loading