Deep Engineering #25: Ayodeji Ayodele on Leading with GitHub—Collaboration, CI/CD, and AI
From branch protections to dependable AI: practical steps to ship faster, safer, and smarter with GitHub.
✍️From the editor’s desk,
Octoverse 2025 just set a new baseline for how fast teams can move: developers merged ~43.2 million pull requests per month this year (up ~23% year over year), closed a record 5.5 million issues in July, and, for the first time, TypeScript became the most-used language on GitHub—clear signals of tighter feedback loops, heavier automation, and a shift toward typed, AI-assisted workflows.
This issue asks—and answers—four core questions:
How do you convert that velocity into governed, repeatable delivery?
What are the least-regret guardrails for CI/CD and software supply chain security on GitHub right now?
How do you use Copilot and emerging agents responsibly—accelerating output while maintaining review rigor and code quality?
Which collaboration patterns—inner source, docs-first habits, rule sets—have the most impact in busy repos?
To find the answers, we sat down with Ayodeji (“Ayo”) Ayodele—Senior Customer Success Architect at GitHub, DevOps evangelist, and Agile coach with 18+ years across Financial Services, Tech, FMCG, Manufacturing, and the Public Sector. Ayo partners with CIOs and engineering leaders across Asia, Oceania, and Africa to translate platform capabilities into outcomes: developer velocity, stronger security posture, and healthier cross-team collaboration. He’s also the author of the GitHub Foundations Certification Guide (Packt, 2025).
In this issue:
Our complete interview with Ayo on moving from “using Git” to leading with GitHub. You can watch the complete interview below, read the complete Q&A, or listen to/download the audio only version here.
The complete Chapter 15: “Security Practices and User Management” from Ayodele’s book as an immediately applicable checklist (2FA, roles/teams, scanning, audit logs, incident playbooks).
Feature Article: Leading with GitHub: Scalable Collaboration, CI/CD, and AI with Ayodeji Ayodele distilling insights from our conversation.
Tool of the Week: Trivy
A breakdown of Octoverse 2025: TypeScript takes #1 as AI reshapes the stack
Leading with GitHub: Scalable Collaboration, CI/CD, and AI with Ayodeji Ayodele
GitHub now sits at the center of modern software delivery. In a conversation with Deep Engineering, Ayodeji Ayodele – a Senior Customer Success Architect at GitHub with nearly two decades in DevOps – shared how to move from simply using Git to truly leading with GitHub. He outlines ways to scale collaboration, automation, and security practices without slowing down delivery.
Open Ways of Working, Inside the Firewall
According to Black Duck’s 2025 Open Source Security and Risk Analysis Report, 97% of applications contain open-source components (averaging 70% of the codebase).
Ayodele emphasizes using GitHub’s collaboration features to break down silos, both in open source and within enterprises.
“Open source is the backbone of modern software,” he notes.
With an estimated 50–60% of all software now built on open-source components, he encourages engineers to contribute to public projects to sharpen their skills. Equally, Ayodele advocates bringing open practices inside companies through inner source.
“Bringing open-source practices inside companies—what we call inner source—breaks down silos and accelerates innovation,” he says.
“Transparency, forking and pulling workflows, and opening discussions all drive better code and teamwork,”
Ayodele explains, adding that a blame-free, well-communicated rollout and strong executive buy-in can overcome cultural resistance. At Microsoft, the DevOps Dojo’s InnerSource program created a single source of truth and drove “IP reuse,” cutting redundancy and enabling collaboration across 36 countries. At IBM, the enterprise InnerSource program—led by IBM Research—explicitly targets open collaboration and reuse at scale across teams.
To make inner source work, teams need clear contribution guidelines, leadership support, and a documentation-first culture. Because any change can face resistance, Ayodele suggests over-communicating plans and having leadership visibly back the inner source initiative. GitHub’s features (Issues, Discussions, project boards, etc.) enable asynchronous teamwork across time zones, but only if context is well documented so colleagues can work without a meeting. By embracing open collaboration patterns internally, organizations unlock their developers’ collective potential.
CI/CD: Shipping Fast Without Pipeline Overload
Ayodele defines CI/CD as:
“a practice and a set of standards that helps you automate all of the very tedious, boring, repetitive tasks that you would ordinarily have to do by hand.”
Done right, pipelines eliminate human error, enforce consistency, and allow teams to “build with confidence” while shipping updates far more frequently. In Ayodele’s view, CI/CD is integral to modern software development – but it must be implemented wisely.
He cautions against letting “pipeline bloat” slow engineers down. Instead, teams should keep pipelines lean and purposeful: break large processes into smaller parallel steps, cache dependencies to avoid needless rebuilds, and introduce automated quality gates at key points. This design prevents one long serial pipeline from blocking everyone’s work.
For example, a GitHub Actions workflow can block a pull request from merging if tests fail or a code scan finds critical vulnerabilities. Automating early and often – while cutting superfluous steps – lets organizations accelerate delivery. With reusable workflows and built-in checks, the release process becomes repeatable and reliable. The payoff is not just speed but confidence that every change is vetted before production.
Security by Design: Protecting the Software Supply Chain
Even as teams move faster and adopt open collaboration practices, Ayodele underscores that security is everyone’s job. Modern software relies on myriad open-source dependencies and automated workflows, so guarding the software supply chain is critical. Fortunately, GitHub provides multiple layers of defense that teams can enable.
“Use the built-in tools you have on GitHub to protect your code at every stage,” he urges.
For example, secret scanning can catch credentials before they leak, while branch protection rules and required reviews prevent risky merges. Enabling Dependabot alerts keeps dependencies up to date, and turning on code scanning flags flaws in the codebase. Ayodele also advises verifying builds: using GitHub Actions to generate SLSA provenance attestations ensures artifacts haven’t been tampered with. He recommends enforcing two-factor authentication for all contributors and mandating signed commits, so every change is traceable to a verified identity. By weaving security into every step, teams can move quickly without compromising on safety.
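The merge gates from the CI/CD section and the branch rules listed above only hold if the protected branch actually requires them. The following audit is an added example, not code from the interview, the book or GitHub. It assumes the input follows the shape of the branch-protection JSON returned by GitHub's REST API; the check names `unit-tests` and `code-scan` and the sample values are constructed.

```python
import json

# Constructed sample, shaped like the response of
# GET /repos/{owner}/{repo}/branches/{branch}/protection (values are made up).
SAMPLE_PROTECTION = json.loads("""
{
  "required_status_checks": {"strict": true, "contexts": ["unit-tests"]},
  "required_pull_request_reviews": {"required_approving_review_count": 0},
  "required_signatures": {"enabled": false},
  "enforce_admins": {"enabled": true},
  "allow_force_pushes": {"enabled": false}
}
""")

# Assumption: the repository's CI jobs report under these check names.
EXPECTED_CHECKS = {"unit-tests", "code-scan"}


def audit_branch_protection(protection, expected_checks=EXPECTED_CHECKS):
    """Return a sorted list of guardrail gaps in a branch-protection document."""
    findings = []
    # A section that is not configured is absent or null, so default to {}.
    checks = protection.get("required_status_checks") or {}
    configured = set(checks.get("contexts") or [])
    configured |= {c.get("context") for c in (checks.get("checks") or [])}
    for name in sorted(set(expected_checks) - configured):
        findings.append(f"required status check missing: {name}")
    reviews = protection.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        findings.append("no approving review required")
    if not (protection.get("required_signatures") or {}).get("enabled"):
        findings.append("signed commits not required")
    if not (protection.get("enforce_admins") or {}).get("enabled"):
        findings.append("administrators can bypass the rules")
    if (protection.get("allow_force_pushes") or {}).get("enabled"):
        findings.append("force pushes allowed")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_branch_protection(SAMPLE_PROTECTION):
        print("GAP:", finding)
```

A test job that fails in CI blocks nothing unless its check name appears in the required list, which is why the audit compares names rather than only testing that the section exists.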
AI as the New Pair Programmer
Perhaps the most game-changing trend in the GitHub ecosystem is the integration of AI assistance directly into the developer workflow. Ayodele, with 20 years in the industry, says
“I’ve never seen anything like this before”.
Tools like GitHub Copilot have evolved from autocomplete-style helpers to capable “co-developers” that can generate code, explain it, write tests, and even autonomously create pull requests.
The impact on productivity is tangible: GitHub’s Octoverse 2025 report shows that the preview of Copilot’s new coding agent in early 2025 coincided with a significant jump in output – “developers closed 1.4 million more issues [in March] than the prior month”, reaching an all-time high of 5.5 million issues closed in a single month by mid-2025.
And it’s not just quantity of work; quality is getting a boost as well. AI-powered features are catching and fixing common bugs and security issues at scale. For example, Copilot’s “Autofix” feature is now automatically resolving thousands of OWASP Top 10 security flaws in code each month, contributing to that drop in critical alerts. These advances support Ayodele’s observation that teams using AI are seeing higher test coverage and fewer vulnerabilities.
That said, Ayodele and industry surveys alike urge a balanced, responsible adoption of AI. Developers are rapidly embracing these tools, but not uncritically. According to Stack Overflow’s 2025 Developer Survey, 46% of developers don’t trust the accuracy of AI outputs, and only a tiny fraction (around 3%) “highly trust” the answers from AI. The vast majority prefer to double-check with a human colleague when unsure, and about 75% say they would turn to a co-worker if they don’t fully trust an AI’s answer. Ayodele acknowledges this skepticism:
“It’s difficult to trust what you don’t know… you may need to understand what’s going on under the hood.”
He advocates using AI as a learning tool and accelerant, not a crutch or replacement for human insight. For junior engineers especially, Copilot can help explain code and suggest solutions, but it’s vital that they still practice critical thinking and code review.
Leading into the Future
The role of a software engineer is evolving. Mastering GitHub in 2025 means mastering a blend of technical tools and human skills. On the technical side, that’s proficiency in collaborative workflows, automation pipelines, security practices, and AI-augmented coding. On the human side, it’s creativity, problem-solving, communication, and adaptability. Ayodele says that creativity and empathy remain uniquely human strengths:
AI can help with complex tasks, but AI can’t replace creativity. AI cannot replace empathy. It cannot replace problem-solving. These are innate skills for humans. …So I don’t think AI will replace human beings, you know. So you want to focus on creativity, on communication, on design thinking, and, … adaptability as well.
Engineers should focus on the skills that never go out of style: learning how to learn, and learning how to work with others (including our AI tools). In the next 5–10 years, successful developers and tech leaders will be those who continuously adopt new technologies like Copilot while upholding high standards and mentoring others. As Ayodele puts it,
Armed with a learning mindset and the platform knowledge to take advantage of GitHub’s capabilities, today’s developers can confidently navigate a world where software delivery is faster, more open, and more intelligent than ever.
🧠Expert Insight
The complete “Chapter 15: Security Practices and User Management” from the book, GitHub Foundations Certification Guide (Packt, 2025), by Ayodeji Ayodele
Security Practices and User Management
Welcome to Chapter 15, where we explore the essentials of GitHub security and user management! By now, you’re familiar with the essentials, you have collaborated effectively, and you’ve started leveraging GitHub for your career. Now, it’s time to focus on protecting your work. In this chapter, we’ll explore GitHub’s built-in security features – such as …
Mastering GitHub in the Real World: A Conversation with Ayodeji Ayodele
From secure collaboration and branch protections to reusable workflows and AI-assisted development, GitHub now sits at the center of how software gets built—and scaled—inside modern organizations. In this conversation, we speak with Ayodeji Ayodele—author of the
🛠️Tool of the Week
Trivy: a fast, all-in-one open-source scanner that finds vulnerabilities, misconfigurations (IaC), and exposed secrets, and generates SBOMs, across containers, OS packages, repos, and Kubernetes. Apache-2.0 licensed.
Highlights:
Coverage in one tool reduces pipeline sprawl (CVE scan, IaC misconfig, secrets, SBOM).
Low friction to adopt org-wide via reusable workflows in GitHub Actions.
Proven at scale in a commercial artifact platform, signaling maturity for enterprise use.
📎Tech Briefs
Octoverse 2025 lands with fresh benchmarks for engineering leaders: GitHub’s annual report highlights growth (e.g., developer sign-ups, pull requests merged, issues closed) and trends like typed languages and AI—use it to calibrate team throughput and tooling choices. Here is a concise breakdown.
Node.js 24 enters LTS (“Krypton”): The project promoted v24.x to Long-Term Support on Oct 28, 2025 (v24.11.0), making this the recommended production line through April 2028—plan upgrades and CI matrices accordingly.
You can now assign code-scanning alerts to Copilot for automated fixes (public preview): From the alert or via security campaigns, Copilot creates a remediation plan and opens a draft PR—tightening MTTR and turning findings into actionable changes.
Docker Compose patched a high-severity path traversal (CVE-2025-62725): The flaw could allow arbitrary writes on the host when resolving malicious OCI Compose artifacts; upgrade to Docker Compose v2.40.2 or later.
React 19.2 ships with new primitives and SSR improvements: The Oct 1 release introduces features like <Activity />, useEffectEvent, and cacheSignal, plus partial pre-rendering enhancements—worth evaluating for performance and DX wins.
That’s all for today. Thank you for reading this issue of Deep Engineering. We’re just getting started, and your feedback will help shape what comes next. Do take a moment to fill out this short survey we run monthly—as a thank-you, we’ll add one Packt credit to your account, redeemable for any book of your choice.
We’ll be back next week with more expert-led content.
Stay awesome,
Divya Anne Selvaraj
Editor-in-Chief, Deep Engineering