diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index c081c11..41efaa7 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -35,6 +35,7 @@ jobs:
         with:
           platforms: linux/amd64,linux/arm64
           push: true
+          provenance: mode=max
           tags: |
             ${{ env.IMAGE_NAME }}:${{ inputs.version }}
             ${{ env.IMAGE_NAME }}:latest
diff --git a/Dockerfile b/Dockerfile
index 8d2f7b8..9a5efb9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,9 +9,11 @@ COPY ./src ./src
 RUN cargo build --release
 RUN ls -lh target
 
-FROM alpine
+FROM alpine:latest
 
 COPY --from=builder /usr/src/app/target/*-unknown-linux-musl/release/rust-mcp-filesystem rust-mcp-filesystem
 
-ENTRYPOINT ["./rust-mcp-filesystem"]
+RUN adduser -D -s /bin/sh rust-mcp-user
+USER rust-mcp-user
 
+ENTRYPOINT ["./rust-mcp-filesystem"]