During January 2026, Matuz G. developed and integrated a CodeQL security scanning workflow for the meta-llama/llama-stack repository, focusing on enhancing CI/CD security practices. The workflow, written in YAML and leveraging GitHub Actions, automatically scans for command injection and pwn request vulnerabilities on pull requests and pushes, but only when workflow files are modified. This targeted approach improved CI speed by about one minute and ensured security findings are updated without failing builds, supporting faster feedback cycles. Matuz validated the integration with targeted tests and documentation, delivering incremental security automation and observability improvements without introducing major bug fixes during the period.