We have Jakarta Security testing as a side effect of the JWT testing which is currently built upon Jakarta Security, we also have the TCK runs but we don't seem to have a smoke test that exercises some of the core Jakarta Security functionality to double check we haven't broken anything.