diff --git a/docker/Dockerfile b/docker/Dockerfile
index 1e4431fe..ac962580 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -7,28 +7,37 @@ ADD docs docs
 RUN pip install . && rm pyproject.toml requirements.txt
 ENV PYTHONPATH=/app
 
+# Add a non-root user
+RUN groupadd -r appuser && useradd -r -g appuser appuser
+
 FROM base AS github_app
 ADD pr_insight pr_insight
+USER appuser
 CMD ["python", "-m", "gunicorn", "-k", "uvicorn.workers.UvicornWorker", "-c", "pr_insight/servers/gunicorn_config.py", "--forwarded-allow-ips", "*", "pr_insight.servers.github_app:app"]
 
 FROM base AS bitbucket_app
 ADD pr_insight pr_insight
+USER appuser
 CMD ["python", "pr_insight/servers/bitbucket_app.py"]
 
 FROM base AS bitbucket_server_webhook
 ADD pr_insight pr_insight
+USER appuser
 CMD ["python", "pr_insight/servers/bitbucket_server_webhook.py"]
 
 FROM base AS github_polling
 ADD pr_insight pr_insight
+USER appuser
 CMD ["python", "pr_insight/servers/github_polling.py"]
 
 FROM base AS gitlab_webhook
 ADD pr_insight pr_insight
+USER appuser
 CMD ["python", "pr_insight/servers/gitlab_webhook.py"]
 
 FROM base AS azure_devops_webhook
 ADD pr_insight pr_insight
+USER appuser
 CMD ["python", "pr_insight/servers/azuredevops_server_webhook.py"]
 
 FROM base AS test
@@ -36,7 +45,9 @@ ADD requirements-dev.txt .
 RUN pip install -r requirements-dev.txt && rm requirements-dev.txt
 ADD pr_insight pr_insight
 ADD tests tests
+USER appuser
 
 FROM base AS cli
 ADD pr_insight pr_insight
+USER appuser
 ENTRYPOINT ["python", "pr_insight/cli.py"]
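Review bot: The account added by `RUN groupadd -r appuser && useradd -r -g appuser appuser` gets whichever system UID is free at build time, and every stage selects it by name with `USER appuser`, so a Kubernetes `runAsNonRoot: true` policy cannot verify the image is non-root and the UID may shift when the base image changes. Pinning the IDs and switching by number addresses both, e.g. `RUN groupadd -r -g 10001 appuser && useradd -r -u 10001 -g appuser appuser` with `USER 10001:10001` in each stage (10001 is an example value); the same applies to the two `USER appuser` lines in the second hunk. `useradd -r` also creates no home directory, so if any server writes under `$HOME` it will presumably fail at runtime; confirm, or add `-m`. The base stage starts above this hunk.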
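Review bot: In the `test` stage, `USER appuser` follows `ADD tests tests`, so `/app` and everything under it remain root-owned and the test process cannot write there. If the suite is run from this image with pytest (inferred from `requirements-dev.txt`), cache, coverage or temp files written under the working directory will fail or warn. Keeping the tree read-only is a good default for the server stages, so rather than loosening `/app` I would point test output at a writable path, or document the constraint on this line, e.g. `# tests run as appuser; /app is root-owned and read-only`. The `test` stage opens in the previous hunk, and the `cli` stage may need the same check if `pr_insight/cli.py` writes local files.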