During the recent security incident, CircleCI CTO Rob Zuber’s response included posting in our Discuss community, where users can contact company employees directly to ask questions and provide feedback.
Many users joined the forum during the first hours of the incident and, seeing the post, began adding their own responses and questions and sharing their experiences and helpful tools. While we have always known that the CircleCI community is special, we were blown away by the kindness and generosity we saw in response to the security incident. On the forum, community members shared scripts and procedures they found useful. Others offered expertise, perspective, and clarification, all of which were collated and summarized into the incident FAQ by CircleCI employees. The FAQ could not have been created without input from the community.
Today we want to shine a light on many of the folks in our CircleCI community who helped support each other through this recent incident.
Thank you, MVPs of the CircleCI Discuss forum
There were many ways the community used the Discuss forum to help out during the incident. For example, CircleCI Champion Roger pitched in to answer questions. You can tell a member is a Champion by the little trophy on their avatar. Roger has earned Problem Solver status over and over, and their 283 posts have resulted in more badges than the annual FBI vs DEA softball game. Want to join the program? You can become a CircleCI Champion.
Here’s brand new Discuss user Ben Walding reposting a question they posed earlier, along with an update helpfully summarizing the actions CircleCI had taken to respond to the issue.
Then there’s Discuss user “Glenjamin”, who shared some code for using the GitHub CLI to list all repositories, and a script to list variables attached to them. Glenjamin turns out to be Glen Mailer, a former CircleCI employee, now an active member of the community. Thank you, Glen!
Another great example of how our community helped each other and helped CircleCI assist even more customers starts with this tweet from GitHub user azu.
The tweet linked to a GitHub Gist. The tweeter acknowledged the contribution of Discuss user Xhiroga (Hiroaki Ogasawara), who also shared a script.
Azu’s gist and Xhiroga’s script were picked up by CircleCI engineers, who discussed and further developed them, and published an official tool the same day: Node.js tool for discovering CircleCI secrets. It was then added to the official Security Alert blog post to make it available for all who needed it.
Employees who helped coordinate the community response
Although CircleCI CTO Rob Zuber authored the security alert and made several appearances in the Discuss post for the incident, the most active CircleCI staff included Emily Cook, Nick O’Keefe, Aaron Stillwell, and Yann Domingo.
There was also one helpful cat, DrTorte, who contributed 4 posts.
Head of Developer Relations Jeremy Meiss made sure everyone working after-hours was well-supplied with snacks and caffeine. No word on what kept DrTorte going.
The security tasks we asked our customers to complete as a result of the incident can be time-consuming and brain-power intensive, even in the best of circumstances. Under the kind of pressure a security incident brings, doing this work is even more challenging. But overwhelmingly, CircleCI customers just started taking the security measures we requested of them. Some even offered encouragement!
As much as we appreciate the positive feedback, we know who the heroes of this story are: the community of people who use CircleCI, and contribute to the community’s knowledge to the benefit of all. During the security incident, our user community shaped Discuss into a platform for questions and answers, problem-solving, and collaboration. We learned a lot from you, about our product, how you use it, and how we can continue to make it better.
The Discuss team plans to apply what we’ve learned to make Discuss even more helpful and to share what we’ve learned about our product and our customers with the other teams at CircleCI.
We sincerely thank you for your hard work, expertise, and best wishes.
Thank you, thank you, thank you!