Onebrief empowers engineers to innovate — without compliance burden

Onebrief builds mission-critical collaboration software for the U.S. Department of Defense (DoD), also referred to as the Department of War (DoW), and other federal customers that are required to maintain the highest levels of security. With an engineering environment that must operate in disconnected, air-gapped systems, and a customer base that demands rigorous compliance, Onebrief’s team faces some of the most complex infrastructure challenges.

Principal Infrastructure Engineer Nick Wade summed it up: “Because of the DoW customers we serve, compliance and security aren’t just lip service. They’re central to our work.”

The challenge

Onebrief’s software has to meet the uncompromising standards of the DoD. Every deployment must satisfy compliance frameworks such as DoD IL5, NIST 800-53 and FedRAMP, all of which impose strict SLAs on vulnerability remediation and require the enforcement of FIPS-validated cryptography.

For engineers, that means validating every dependency against FIPS requirements, generating SBOMs, producing clean security scans, and completing monthly reviews with authorizing officials. These requirements aren’t occasional checkboxes; they’re a constant presence in the infrastructure team’s daily work.

At the same time, Onebrief’s platform must run in mission-critical, air-gapped environments where outside connectivity isn’t an option. That means the team has to self-manage a sprawling open source stack, without relying on external services. Keeping all of this software patched, compliant, and consistent across segmented customer deployments introduced significant complexity and consumed valuable engineering hours.

Before adopting Chainguard, even a single CVE could derail the team’s momentum, forcing engineers to hunt for patches, apply overlays, and rebuild containers just to get a fix out the door. “We were spending a lot of mental overhead on the patching process itself, instead of focusing on what really matters: getting the fix delivered so our customers can keep working,” Nick explained.

Instead of focusing on what they do best, building collaboration software for military commands, the team was bogged down by compliance overhead, open source sprawl, and constant vulnerability management.

The solution

After an initial trial, Onebrief turned to Chainguard Containers to cut through the complexity and outsource the overhead and engineering toil.

What started as a one-off purchase quickly became a pattern. “Whenever we needed a new image, Chainguard already had it hardened. Chainguard delivers fast, timely patches, so it just made sense to lean in with their container images so we could focus on our core competencies,” Nick recalled.

This pattern led Onebrief to expand from one-off image implementations to full access to the Chainguard Container Catalog, giving the team every secure, pre-patched image they needed without delay. As Nick put it: “Sign me up. We’ll move everything.”

Adoption was straightforward: “For most dependencies, it was a simple swap to point at cgr.dev in our image repo and most things just worked,” Nick said. Migrating to Chainguard’s FIPS-compliant images and Helm charts required only minor adjustments.

We sat down and modeled: what would it cost us to achieve the same level of service and patching? The answer was at least four engineers. At that point we realized Chainguard made a ton of sense.
Nick Wade, Principal Infrastructure Engineer, Onebrief

The results

By moving from manually patched, open source container images to Chainguard’s secure-by-design, continuously updated images, Onebrief’s infrastructure team fundamentally changed how they securely deliver software to high-stakes federal customers.

Faster patching and lower operational burden

With Chainguard, Onebrief’s engineering team no longer loses days chasing patches and rebuilding containers. Major vulnerabilities that once required three to five days to resolve are now addressed within hours, often in as little as six to twelve. Nick noted that Chainguard consistently ships patched builds quickly, turning what used to be “pencils-down” fire drills into a predictable, low-stress process.

Open source stacks provide a lot of value, but bring with them a large amount of exposure. Before Chainguard, vulnerabilities in these products caused constant interruptions. Now, Chainguard has taken that load off our plate.
Nick Wade, Principal Infrastructure Engineer, Onebrief

Reduced compliance and audit burden

Chainguard’s hardened, minimal images simplify SBOMs and audits, making it easy to explain exactly what’s in each container and why. This cleaner software supply chain makes monthly reviews and regular security scans more efficient, while also giving DoD customers and approving officials greater confidence in Onebrief’s ability to maintain a hardened environment. Nick noted that Chainguard’s efficient patch delivery puts the team on strong footing when discussing continuous deployment or Zero Trust initiatives with officials.

Chainguard does a great job of reducing each container to only what’s truly needed. It’s easy to explain what’s there and why, and our overall list of open source tools now looks much cleaner.
Nick Wade, Principal Infrastructure Engineer, Onebrief

More time for mission-critical innovation

Chainguard also freed Onebrief’s engineers from a constant cycle of patching and vulnerability management. Nick estimated it would take four full-time developers to replicate the level of security and responsiveness Chainguard provides, resources the company can now redirect toward its real value: delivering foundational collaboration software for military workflows and decision-making.

As Nick put it, the cultural shift is clear: engineers no longer ask “How do we fix this?” but instead focus on “How can we deploy this?” With compliance and security streamlined, the team spends more time innovating and less time firefighting.

Chainguard narrows our focus to simply getting fixes to customers. That gives us more time for features and improvements, and less time worrying about the open source supply chain we’re built on.
Nick Wade, Principal Infrastructure Engineer, Onebrief

A strategic shift

Chainguard hasn’t just improved Onebrief’s security posture; it’s changed how the team thinks about product evolution. “‘Does Chainguard have a FIPS version?’ has almost become the infrastructure team’s tagline,” Nick said. “If yes, we can move forward.”
