
Francesco Borg Bonaci focused on CI/CD security hardening and automation workflow improvements for the marshmallow-insurance/smores-react repository. He enhanced supply chain security by pinning third-party GitHub Actions to specific commit SHAs, ensuring deterministic builds and reducing the risk of tampering. Using YAML and GitHub Actions, Francesco updated dependencies such as dependabot/fetch-metadata and JamesIves/github-pages-deploy-action to known-good versions. He also streamlined the Dependabot auto-approval process by integrating the GitHub CLI, which reduced reliance on external actions and simplified updates. This work resulted in more auditable, reliable release automation and faster, lower-risk update cycles for the project.

Month: 2025-03. Key deliverables center on CI/CD security hardening and automation workflow improvements for marshmallow-insurance/smores-react. The work reduced risk, improved reliability, and streamlined release processes.