diff --git a/Dockerfile b/Dockerfile
index fff43a80..37a3fdd1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,7 +23,11 @@ RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags="-w -s -X '
 
 
 # get latest alpine container
-FROM alpine:latest
+FROM alpine:3.19.1
+
+# create nonroot user
+RUN addgroup -S nonroot \
+  && adduser -S nonroot -G nonroot
 
 # add ca-certificates
 RUN apk --no-cache add ca-certificates tzdata
@@ -34,6 +38,9 @@ WORKDIR /root/
 # copy binary from first container
 COPY --from=0 /go/src/app .
 
+# set user
+USER nonroot
+
 # expose port 8080
 EXPOSE 8080