diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml
index f232943..e3f3975 100644
--- a/.github/workflows/build_container.yml
+++ b/.github/workflows/build_container.yml
@@ -45,6 +45,7 @@ jobs:
             RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
             RUBYGEM_RUBOCOP_PERFORMANCE=${{ matrix.rubygem_rubocop_performance }}
             RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
+            RUBYGEM_ONCEOVER=${{ matrix.rubygem_onceover }}
           build_arch: linux/amd64
           docker_username: voxpupulibot
           docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
@@ -76,6 +77,7 @@ jobs:
             RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
             RUBYGEM_RUBOCOP_PERFORMANCE=${{ matrix.rubygem_rubocop_performance }}
             RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
+            RUBYGEM_ONCEOVER=${{ matrix.rubygem_onceover }}
           build_arch: linux/arm64
           docker_username: voxpupulibot
           docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 0d66ac0..5301890 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -49,6 +49,7 @@ jobs:
             RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }}
             RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
             RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
+            RUBYGEM_ONCEOVER=${{ matrix.rubygem_onceover }}
 
       - name: Clone voxpupuli/puppet-example repository
         uses: actions/checkout@v4
@@ -99,6 +100,7 @@ jobs:
             RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }}
             RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
             RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
+            RUBYGEM_ONCEOVER=${{ matrix.rubygem_onceover }}
 
       - name: Clone voxpupuli/puppet-example repository
         uses: actions/checkout@v4
diff --git a/.github/workflows/security_scanning.yml b/.github/workflows/security_scanning.yml
index 7e66f97..43f49ce 100644
--- a/.github/workflows/security_scanning.yml
+++ b/.github/workflows/security_scanning.yml
@@ -50,6 +50,7 @@ jobs:
             RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }}
             RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
             RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
+            RUBYGEM_ONCEOVER=${{ matrix.rubygem_onceover }}
 
       - name: Scan image with Anchore Grype
         uses: anchore/scan-action@v6
diff --git a/Dockerfile b/Dockerfile
index 82944b4..07fa340 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -36,6 +36,9 @@ ENV RUBYGEM_RUBOCOP_PERFORMANCE=${RUBYGEM_RUBOCOP_PERFORMANCE:-1.23.0}
 ARG RUBYGEM_BUNDLER
 ENV RUBYGEM_BUNDLER=${RUBYGEM_BUNDLER:-2.5.23}
 
+ARG RUBYGEM_ONCEOVER
+ENV RUBYGEM_ONCEOVER=${RUBYGEM_ONCEOVER:-4.0.0}
+
 COPY voxbox/Gemfile /
 
 RUN apk update \
diff --git a/README.md b/README.md
index bd6f553..772ca7d 100644
--- a/README.md
+++ b/README.md
@@ -27,10 +27,16 @@ docker run -it --rm -v $(pwd):/repo ghcr.io/voxpupuli/voxbox:8      # rake -T
 docker run -it --rm -v $(pwd):/repo ghcr.io/voxpupuli/voxbox:8 spec # rake spec
 ```
 
+If you want to run onceover, you have to override the entrypoint:
+
+```shell
+docker run -it --rm -v $(pwd):/repo --entrypoint onceover ghcr.io/voxpupuli/voxbox:8 help
+```
+
 if you need a shell, you have to override the entrypoint:
 
 ```shell
-docker run -it --rm -v $(pwd):/repo --entrypoint bash ghcr.io/voxpupuli/voxbox:8
+docker run -it --rm -v $(pwd):/repo --entrypoint sh ghcr.io/voxpupuli/voxbox:8
 ```
 
 ### Available rake tasks
diff --git a/build_versions.json b/build_versions.json
index b1293f7..612cc6e 100644
--- a/build_versions.json
+++ b/build_versions.json
@@ -13,7 +13,8 @@
       "rubygem_r10k": "4.1.0",
       "rubygem_ra10ke": "3.1.0",
       "rubygem_rubocop_performance": "1.22.1",
-      "rubygem_bundler": "2.4.22"
+      "rubygem_bundler": "2.4.22",
+      "rubygem_onceover": "4.0.0"
     },
     {
       "puppet_release": 8,
@@ -28,7 +29,8 @@
       "rubygem_r10k": "4.1.0",
       "rubygem_ra10ke": "3.1.0",
       "rubygem_rubocop_performance": "1.22.1",
-      "rubygem_bundler": "2.5.22"
+      "rubygem_bundler": "2.5.22",
+      "rubygem_onceover": "4.0.0"
     }
   ]
 }
diff --git a/voxbox/Gemfile b/voxbox/Gemfile
index 9b6ea34..ea3e213 100644
--- a/voxbox/Gemfile
+++ b/voxbox/Gemfile
@@ -13,6 +13,7 @@ gem 'voxpupuli-release',    ENV['RUBYGEM_VOXPUPULI_RELEASE']
 gem 'voxpupuli-test',       ENV['RUBYGEM_VOXPUPULI_TEST']
 gem 'rubocop-performance',  ENV['RUBYGEM_RUBOCOP_PERFORMANCE']
 gem 'ffi', '~> 1.16.3' # ffi 1.17.0 has change dependencies - see https://github.com/ffi/ffi/issues/1105
+gem 'onceover',             ENV['RUBYGEM_ONCEOVER']
 
 # CVE fixes
 gem 'cgi', '~> 0.4.1'             # cgi 0.1.0 has CVEs - remove default and install upstream replacement