Open source utility automates and simplifies testing for known Jenkins exploits

Accenture has released Jenkins Attack Framework (JAF), a new tool aimed at pen testers and red teamers that can reveal ways in which the popular automation server can be abused.

Jenkins is an open source CI/CD pipeline that allows developers to rapidly build, test, and deploy their code. The DevOps tool often stores powerful credentials, proprietary code, and more.

“Historically, Jenkins is not securely configured by default,” JAF developer Shelby Spencer, formerly of Accenture, tells The Daily Swig. “It is often set up and maintained by developers and not security or IT personnel, so it is often a soft target.”