In the open-source project CI/CD of https://github.com/mongodb/mongo, what security measures have been taken to ensure the product's security?

We are a financial company, and we have high security requirements for externally sourced software. I need to understand what security measures mongo currently employs in their CI/CD process to ensure the overall application security. This includes the security tools used during the CI process, such as static code analysis, dynamic scanning, etc. Do these scanners exist, and if so, what are their names? I have attempted to find information on GitHub’s PR checks, but unfortunately, I couldn’t find any relevant checks. Could you please provide a detailed description of mongo's Software Development Lifecycle (SDL) and the specific operations within their CI/CD process?