HackerOne solves complex engineering problems with the help of Gearset
Security is at the heart of HackerOne’s ethos. Its integrated solutions, including bug bounty, pentesting, code security audits, spot checks, and AI red teaming, ensure continuous vulnerability discovery and management throughout its customers’ software development lifecycle. Trusted by industry leaders such as Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, Snap Inc, and the U.S. Department of Defense, HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.
Jolene Mair is the Salesforce Application Engineer at HackerOne and a proud Gearset DevOps Leader. Jolene had heard of Gearset in a previous role and was keen to implement it as soon as she joined HackerOne.
High-risk deployments and communication issues
HackerOne was relying on change sets before Gearset, deploying directly to production without any way to test code. This led to frustration and slow release cycles, making the deployment process a lot more complicated than it needed to be. Jolene told us that without the right tools or any real process, “everything took longer — it was a really long and drawn out process”, with hidden problems being discovered too late.
Another challenge the team faced was a lack of communication, with team members not being able to see who was making changes and where.
“Things were going wrong without any real explanation, and when you dug down into the problem, it was a communication issue.”
HackerOne unlocks the full value of Gearset’s DevOps platform
What began as a search for a backup solution quickly evolved into a much broader transformation. While initially looking at Gearset for its backup capabilities, the team at HackerOne was won over by the power of the entire DevOps platform.
Today, HackerOne uses almost all of Gearset’s solutions — including Backup & Restore, Pipelines, Sandbox seeding, Flow and Apex error monitoring, CPQ deployments, and Code Reviews — enabling them to manage the entire DevOps lifecycle from a single platform. This unified approach has brought huge benefits to the team, helping them work more confidently, efficiently, and securely across development, testing, and release.
The visual CI/CD pipeline in Gearset has been a game-changer, giving the team real-time visibility into their environments and highlighting any live changes ready to be promoted. Gearset’s Sandbox seeding solution was the next addition — a key upgrade that Jolene said, will “massively benefit the company” by enabling realistic testing with masked data before changes hit production.
By consolidating their tooling with Gearset, HackerOne has unlocked a faster, safer, and more integrated DevOps process.
“Deployments and errors are connected. Nothing happens in isolation. Being able to see it all in one place is so important.”
From inbox chaos to complete observability
Before Gearset, error monitoring at HackerOne was reactive and fragmented. Jolene’s team was buried in Flow error emails, trying to piece together what had gone wrong — and often only realizing too late that they were fixing the same problems over and over again.
“Flow error alerts came through email — and that alone was a challenge. You’d miss things, there was no context, no sense of the growing volume of errors. You were constantly backtracking.”
At peak times, like quarter end, they’d be flooded with hundreds of alerts, unable to prioritize or identify root causes. Errors were often missed, misjudged, or managed with temporary workarounds.
“We were always missing the boat. We had to rely on people guessing — is this something to worry about, or can it be ignored?”
With Gearset’s observability solution, that’s completely changed. Error insights are now clear, contextual, and actionable — surfaced directly in Gearset’s UI through an intuitive dashboard. The team can spot issues as they happen and immediately understand their true impact — not just how many errors occurred, but how many users are affected.
“We turned it on and within five minutes, it caught a live incident. The difference in how we handled it compared to before was night and day. The business didn’t even realise there was a problem until after we’d already fixed it.”
Instead of firefighting, HackerOne’s team can now take a longer-term view — fixing root causes, planning smarter, and giving the business confidence in the stability of their Salesforce environment.
“Before, my inbox was an alert system. Now it’s just an inbox. That’s how it should be. We’re not firefighting all the time — we’re thinking longer-term, fixing root causes, and planning those fixes properly.”
Observability has become such a valuable part of their workflow that the leadership team gets involved — Jolene’s manager now regularly logs into Gearset to view reports and keep tabs on the platform’s health: “she loves getting in and seeing the reports!”
With Gearset, HackerOne has gone from reactive fixes to proactive improvement — and the visibility to keep their systems healthy and secure.
Smarter code reviews — with security and quality built in
Code reviews (powered by Clayton) has also become part of HackerOne’s DevOps process, helping the team catch issues early and keep technical debt in check. As a security-focused company, quality and consistency are non-negotiable — and Code Reviews help enforce both without slowing developers down.
Rather than relying on manual checks or inconsistent peer reviews, the team now benefits from automatic analysis of every pull request. Code is reviewed against best practices, team conventions, and common anti-patterns — giving developers fast, actionable feedback while keeping standards high.
“You don’t always catch everything when you’re reviewing by eye. Now we’ve got a second set of eyes on every pull request — and it’s looking for exactly the right things.”
Code Reviews fit seamlessly into the team’s workflow surfacing potential issues in real time and making it easy to resolve them before they reach production. Whether it’s enforcing naming conventions, flagging risky patterns, or identifying security concerns, the system is always running in the background — quietly improving quality with every change.
“It’s helped us build better habits. You’re learning as you go, and you’re catching things before they become problems.”
For Jolene’s team, it’s another example of how adopting a full platform has paid off. Instead of bolting on a separate solution, Code Reviews are part of Gearset, working in harmony with Pipelines, deployments, and the rest of their DevOps toolchain.
“We don’t have to keep jumping between tools. Everything we need to build, test, and release is in one place — and it all works together.”
A successful partnership
Jolene loves how attentive and knowledgeable the Gearset team is, with only positive experiences of customer support to speak of. She values how “everyone responds really quickly if you need something” and finds the live chat option on the website ideal if she needs a quick answer. Gearset also offers an open-door policy that works as a partnership to deliver on feedback Jolene gives to its product team to make the platform even better.
“It felt more like we were a partnership than just buying a DevOps platform.”
Jolene was part of the early pilot group for Gearset’s observability solution, playing a key role in shaping how the feature developed. Her feedback helped the team identify pain points and design solutions that genuinely meet the needs of Salesforce teams in the real world. For Jolene, it means she’s using a tool built with her input — one that directly addresses the challenges she and others were facing. It’s also a reflection of Gearset’s ongoing commitment to building the right things in close collaboration with its users.
When we asked Jolene if she would recommend Gearset, she replied:
“100%, and you won’t regret it. Gearset is one of the only companies that offers a free trial with no strings attached so try for yourself and then make a decision — although once you use it, you won’t look back.”
Jolene’s team is now confident they know what’s going on in their Salesforce org, because they have much better visibility and can clearly see the wider impact on the business.
“I’m confident Gearset will continue fixing our problems, before we even know they’re there.”
