Our in-depth research of the Jenkins automation server reveals just how secure your DevOps infrastructure really is (or isn’t). Our findings comprise 5 CVEs, 2 issues under responsible disclosure and other security issues—from credentials exposure, agent launch vulnerabilities, AD integration issues and more—and offer a new DevOps security approach: the zero trust model.