Facebook's osquery is a Linux and OS X intrusion detection and response tool. The underlying infrastructure that tests, builds, and publishes security software must be secure by default. This discussion will show how the Facebook security team enabled GitHub contributors to safely submit C/C++/bash code to its CI and build server. The discussion will include Facebook's CI hardening process and the attack and vulnerability reports targeting CI that the team received through bug bounty.