Hirevue trusts Chainguard to secure its path to FedRAMP authorization and accelerate innovation
Hirevue sits at a consequential intersection of technology and human outcomes. Its platform helps some of the world's largest and most regulated organizations assess and hire talent, which means the stakes around security and compliance are exceptionally high. "Getting a job can be life-changing. We provide the technology and data to help companies make better hiring decisions — and we take that responsibility seriously, grounding everything we do in strong policies, rigorous procedures, and clear values," says Alberto Silveira, CTO at Hirevue.
When Hirevue needed to achieve FedRAMP authorization for its core platform in what seemed like an impossibly short window, that seriousness was put to the test.
The challenge
Hirevue's customer base spans highly regulated sectors, including government agencies, major financial institutions, and large enterprises, all of which impose rigorous security requirements. Maintaining compliance meant that every piece of open source software entering Hirevue's environment had to be carefully vetted, patched, and maintained.
"It's nearly impossible to actually be on top of everything manually," Alberto said. "Before Chainguard, we were working very hard to keep up with that work."
The burden was substantial. One of Hirevue's three cloud engineering delivery teams — approximately 30% of that workforce — was dedicated to recurring security patching and maintenance tasks. Time spent keeping systems secure was time taken from building Hirevue's core product.
The situation reached a breaking point when Hirevue needed to achieve FedRAMP authorization for its T2O platform. T2O had become the company's primary assessment platform following the acquisition of Modern Hire, but it was built on legacy Microsoft .NET architecture running on Windows servers, and it was not FedRAMP authorized. Moving federal customers from the legacy HV4 platform to T2O required authorization, and it needed to happen fast.
The internal assessment was discouraging. "All I heard was, 'This is not possible. It's going to take at least three years or more for us to modernize and do this,'" Alberto recalled. Without authorization, Hirevue stood to lose millions of dollars in federal and enterprise customer revenue, and potentially put its broader enterprise relationships at risk.
The solution
Refusing to accept that timeline, Alberto went looking for answers himself. Through conversations with peers, he discovered Chainguard Containers: hardened, continuously updated base images designed to dramatically reduce the open source vulnerability surface. He brought in Sam Marx, VP of Cloud Engineering, to evaluate the approach.
Chainguard was uniquely positioned to deliver what Hirevue needed, and the team was able to pull a Chainguard Container image and bootstrap it in a matter of hours.
Chainguard Containers became a central pillar of Hirevue's FedRAMP authorization effort for T2O, automatically handling the ongoing patching and maintenance of container images, freeing the engineering team to focus on the compliance work itself rather than the underlying infrastructure hygiene.
The results
FedRAMP authorization in nine months
What the internal team estimated would take three years was accomplished in nine months. T2O achieved FedRAMP authorization with zero major findings. "We made the impossible – possible," Alberto told the Carlyle board. "And Chainguard was one of the most important pillars in making that mission possible. My team should be proud to share this success story in their careers."
FedRAMP authorization was also a prerequisite for Hirevue's core platform strategy, as T2O had become the intended foundation for Hirevue's entire product roadmap. Without authorization, the company's plan to consolidate its customer base onto its primary platform would have stalled entirely.
The authorization secured Hirevue's federal customer relationships and the revenue tied to them, a direct, measurable return on the investment in Chainguard.
A team redirected toward modernization
With Chainguard Containers handling automated image maintenance, the team that had been consumed by reactive patching was freed to do something far more valuable: modernize the T2O platform itself. Hirevue migrated T2O from legacy Windows servers to Kubernetes running on Linux servers and moved from Microsoft SQL Server to AWS PostgreSQL Aurora, enabling significantly greater scalability and stability. "That time investment was redirected to modernizing the core of the application," Alberto explained.
The knock-on effect of that reclaimed capacity was transformative. Last year, the company shipped five new products, and more are in development.
Stronger enterprise security posture
The benefits extended beyond Hirevue’s federal segment. The company’s largest enterprise customers conduct their own rigorous security audits, and Chainguard has contributed to a meaningfully cleaner security posture when facing those reviews.
For Alberto, the value of Chainguard goes beyond the product: "It is a true definition of a great partner. Whenever we have a question, Chainguard is on top of it. There's not a single thing that I can remember asking and not getting back."