Dirac trusts Chainguard to make startup speed compatible with security
Dirac operates at the intersection of cloud software and heavy industry. Its customers build aircraft, heavy equipment, and other mission-critical systems, where reliability and security are essential. BuildOS, Dirac’s flagship product, must run reliably across managed cloud environments, customer clouds, and tightly controlled networks alongside Operational Technology systems.
The challenge
Like many fast-moving startups, Dirac relies heavily on open source, from base images for language runtimes to third-party applications for databases and observability tooling. And while open source empowers Dirac to move quickly without reinventing the wheel, that velocity came with a cost. Over time, the growing volume of vulnerabilities across container images and dependencies began to outpace the 20-person team’s ability to manage them, turning security maintenance into a persistent operational burden.
For Dirac, those issues aren’t just internal engineering noise. As Matthew McSpadden, Security, put it, “For a product that runs in manufacturing environments, sometimes alongside ITAR/CUI-sensitive data or safety-critical processes, that wasn’t sustainable.” Vulnerabilities and supply chain risks carried real safety and compliance implications, especially as customer scrutiny increased.
Each hour spent chasing CVEs was an hour not spent improving BuildOS, and reactive security work began to threaten release velocity and audit readiness as Dirac began partnering with larger manufacturers. The team needed a way to reduce the vulnerability surface of its images by default, raising the security baseline of its open source supply chain so security wasn’t something they had to constantly fight to maintain.
The solution
Dirac chose Chainguard to raise the security baseline of its software supply chain without slowing down development. The team needed a partner whose sole focus was secure open source and supply chain hardening, allowing engineers to focus on building and improving BuildOS rather than constantly remediating vulnerabilities.
The breadth of Chainguard’s image catalog made it possible for Dirac to standardize on hardened, low-CVE images across services, reducing the vulnerability surface by default rather than through ongoing manual effort.
Adoption was straightforward and low-friction. “The onboarding experience was very smooth,” McSpadden explained. “Since we were already largely using Alpine-based images, the transition was straightforward and low-friction. On top of that, the Chainguard team provided excellent onboarding support, which helped us adopt the platform quickly and confidently.”
The results
A higher security baseline, by default
Since adopting Chainguard Containers, Dirac’s BuildOS services now start with hardened, minimal images that dramatically reduce the number of known vulnerabilities in its environment. Security work shifted earlier in the lifecycle, cutting down reactive remediation and improving consistency across services.
The results were fewer surprises, faster audits, and a much clearer picture for customers and auditors of how Dirac secures and continuously improves its open source stack.
More time building, less time firefighting
With a stronger foundation in place, engineers spend less time chasing CVEs and more time building features that directly benefit customers.
As Fil Aronshtein, Co-Founder & CEO, noted, “We spend less time firefighting CVEs and more time building features that directly benefit our customers.” That shift translated directly into faster iteration and more capacity to invest in what makes BuildOS unique: automated 3D work instructions, model-based workflows, and helping manufacturers ramp new product introductions with less risk.
Strengthened trust with customers and auditors
Chainguard also helped Dirac strengthen trust with manufacturers operating in regulated, safety-critical environments, opening up new revenue streams for the startup. Being able to clearly articulate how its software supply chain is secured changed the tone of security conversations with prospects in the highly regulated manufacturing space.
This diligence helped Dirac clear security reviews and accelerate deal cycles, and reinforced its position as a serious, long-term partner to its customers.
Security as an innovation enabler
Perhaps most importantly, Chainguard changed how Dirac thinks about open source. Instead of something to lock down after the fact, it became a secure, auditable foundation for innovation.
As Fil summarized, “Chainguard gives us secure, production-ready open source building blocks so we can focus on what we do best: helping manufacturers build complex products faster and with less risk. It’s like having a dedicated security team for our base images and supply chain, without having to staff it in-house.”