diff --git a/dockerfile b/dockerfile
index 09e12cb..823eb13 100644
--- a/dockerfile
+++ b/dockerfile
@@ -1,30 +1,32 @@
-# syntax=docker/dockerfile:1
-FROM golang:1.22-rc-alpine
+FROM golang:1.21.6 as base
-# Set destination for COPY
-WORKDIR /app
+RUN adduser \
+ --disabled-password \
+ --gecos "" \
+ --home "/nonexistent" \
+ --shell "/sbin/nologin" \
+ --no-create-home \
+ --uid 65532 \
+ small-user
+
+WORKDIR $GOPATH/src/app/
+
+COPY . .
-# Download Go modules
-COPY go.mod go.sum ./
 RUN go mod download
+RUN go mod verify
-# Copy the source code. Note the slash at the end, as explained in
-# https://docs.docker.com/engine/reference/builder/#copy
-# May not be enough for complex projects
-COPY *.go ./
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /main .
-# Build
-# Add GOOS=linux for linux
-# GOOS=windows
-# GOOS=darwin
-RUN go build -o /main
+FROM scratch
-# Optional:
-# To bind to a TCP port, runtime parameters must be supplied to the docker command.
-# But we can document in the Dockerfile what ports
-# the application is going to listen on by default.
-# https://docs.docker.com/engine/reference/builder/#expose
-# EXPOSE 8080
+COPY --from=base /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=base /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=base /etc/passwd /etc/passwd
+COPY --from=base /etc/group /etc/group
+
+COPY --from=base /main .
+
+USER small-user:small-user
-# Run
 CMD ["/main"]
\ No newline at end of file
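Review bot: `COPY . .` now runs before `RUN go mod download`, so every source edit invalidates the module-download layer, and the whole build context (including `.git` or local env files, unless a `.dockerignore` outside this diff excludes them) is copied into the `base` stage. Copying the manifests first keeps the cached layer and narrows what the dependency step sees: `COPY go.mod go.sum ./`, then `RUN go mod download && go mod verify`, then `COPY . .`. Separately, `USER small-user:small-user` is a named user, which a Kubernetes `runAsNonRoot` check cannot verify; `USER 65532` matches the uid passed to `adduser` above and still resolves through the copied `/etc/passwd`. The build stage would also be more reproducible if `golang:1.21.6` were pinned by digest and the removed `# syntax=docker/dockerfile:1` directive were kept.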