x-RD simplifies container security with Chainguard to achieve compliance
The challenge
For x-RD’s clients in defense and government, security, trust, and compliance are non-negotiable. Container images are a critical component of their secure development platform (secd3v), but x-RD’s engineering team historically relied on upstream images and managed patching and maintenance internally, which resulted in operational overhead and inconsistency.
As Daniel Riedel, Founder and Managing Director at x-RD, said about the process, “It was very ad hoc between different images. We were building from Python slim or Alpine where possible and applying a range of different approaches to get the vulnerabilities down.”
Starting from general-purpose base images meant the team had to manually patch, strip down, and rebuild containers to meet strict security requirements. This created an ongoing maintenance burden that was time-consuming, inconsistent, and difficult to scale.
The challenge was even more pronounced for AI workloads, where more complex dependencies made it harder to meet security requirements using minimal base images. For x-RD’s small team, managing security requirements across both general-purpose and AI-specific containers, each with their own patching and compatibility challenges, created a significant operational burden.
At the same time, government requirements introduced constraints: x-RD needed to maintain a minimum vulnerability footprint and provide detailed artifacts, such as SBOMs, vulnerability reports, and build provenance, to support assurance and system accreditation. This is especially critical in Infosec Registered Assessors Program (IRAP)-aligned environments, where evidence, repeatability, and control traceability are essential for formal assessment.
While x-RD’s team could harden the containers themselves, doing so required repeated manual effort and was difficult to standardize across environments, especially as workloads became more complex.
The solution
x-RD implemented Chainguard Containers to strengthen the security of its platforms for highly regulated customers. By adopting minimal, continuously patched container images with built-in SBOMs and provenance, x-RD significantly reduced vulnerabilities while improving alignment with strict compliance requirements, such as IRAP, the Security of Critical Infrastructure Act (SOCI), Information Security Manual (ISM) controls, Essential Eight Maturity Level 2 and above, and Australian Signals Directorate (ASD) Cryptography standards.
The results
Faster development cycles with a secure-by-default foundation
For x-RD, meeting minimum security benchmarks has always been required for applications deployed in government and high-security environments, a process that previously could take one to two weeks of dedicated effort. While the team had long embraced DevSecOps and shift-left practices, many open source images were not secure-by-default, creating ongoing remediation work.
With Chainguard, that dynamic changed. Starting from trusted, minimal, and continuously maintained container images, x-RD could shift security even further left and reduce remediation effort. Teams select a container from the catalog, test it with the application, and move forward without spending weeks recompiling libraries or fixing vulnerabilities. This translates into faster development cycles and more time spent building, rather than hardening, software. This is particularly impactful in high-compliance government and defense environments, where baseline security and traceability are critical.
Reduced operational and platform costs
For x-RD, a major benefit of working with Chainguard is eliminating the constant scan-fix-rescan cycle that used to be part of its container hardening approach. Beyond developer time, this process also drives significant, and often overlooked, platform costs as pipelines repeatedly rebuild and scan images at scale.
By starting with secure images, x-RD avoids much of this rework and the platform costs that come with it.
Reassurance for customers and a faster path to government compliance
Using Chainguard, x-RD has simplified engagement with Australian Government and defense assurance teams. With CVE data and supporting evidence readily available, assurance teams can quickly understand and validate the software’s security posture, accelerating the path to compliance.
A true partnership
What began as a customer-vendor relationship has evolved into a formal partnership, with x-RD and Chainguard now working together to support x-RD’s defense and government customers, where security is foundational.
“For us, it was a no-brainer. Not just to use Chainguard, but to partner with them to address customer needs.”