CI doesn't magically takes care of security, that's a naïve understanding of vulnerabilities.

Someone with the right mindset needs to be there providing guidance and architectural input.

And even then that's not enough. Something like a super extensive testing set like in SQLite is the best we can do.