diff --git a/Dockerfile b/Dockerfile
index 234abb6a0bbbc0d038a9884ec77e6a23fd1b9f39..07825fab8c4c57ddbb25cc06aa679cc15ff2a0ed 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,20 +1,23 @@
 FROM python:3.11-alpine
+WORKDIR /app
 
 ARG ARTIFACT_VERSION
 
-RUN apk add gcc libc-dev libffi-dev
+RUN apk add --no-cache gcc libc-dev libffi-dev && \
+    addgroup -S appgroup && adduser -S appuser -G appgroup -h /app
+USER appuser
+
 RUN pip install \
     --pre \
     --extra-index-url https://artifactory.software.geant.org/artifactory/api/pypi/geant-swd-pypi/simple \
     --target /app \
     geant-service-orchestrator==${ARTIFACT_VERSION}
 
-WORKDIR /app
-
 # Create the directory for the configuration and copy the example config into it
 # NOTE: a real config must be mounted at /etc/gso/config.json when running the container
-RUN mkdir -p /etc/gso
-COPY gso/oss-params-example.json /etc/gso/config.json
+RUN mkdir -p /etc/gso && \
+    chown -R appuser:appgroup /etc/gso
+COPY --chown=appuser:appgroup gso/oss-params-example.json /etc/gso/config.json
 
 # Expose port 8080 for the FastAPI application
 EXPOSE 8080
@@ -27,7 +30,8 @@ ENV TRANSLATIONS_DIR=/app/gso/translations/
 # Run database migrations
 RUN mv gso/migrations gso/migrations_temp
 RUN PYTHONPATH=. python gso/main.py db init
-RUN rm -rf gso/migrations && mv gso/migrations_temp gso/migrations
+RUN rm -rf gso/migrations && \
+    mv gso/migrations_temp gso/migrations
 RUN PYTHONPATH=. python gso/main.py db upgrade heads
 
 # Start the FastAPI application