diff --git a/Dockerfile b/Dockerfile
index a89955a..75c6ab3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,11 @@ RUN wget https://go.dev/dl/go1.23.1.linux-amd64.tar.gz && tar -xf go1.23.1.linux
 COPY --from=builder /app/build/goscan /goscan
 COPY ./entrypoint.sh /entrypoint.sh
 COPY --from=builder /app .
-
 RUN chmod +x /goscan && chmod +x /entrypoint.sh
+RUN curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b /usr/local/bin
+
+USER nobody
+ENV PATH="/usr/local/go/bin:${PATH}"
+
 ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
index e9f21b7..f0789c7 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,6 +1,4 @@
 #!/bin/sh
-curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b /usr/local/bin
-# gosec -r -no-fail -fmt sarif -out output.sarif "$PWD"
 /goscan --is-action
 cat output.sarif
\ No newline at end of file
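Review bot: The added `RUN curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b /usr/local/bin` runs whatever the mutable `master` branch serves at build time, with no version or integrity check. It sits before `USER nobody`, so it presumably runs as root, and two builds of the same commit can ship different scanner binaries. Pin both halves by fetching the script from a commit-pinned URL and passing the release tag the installer accepts as its last argument, e.g. `.../gosec/<COMMIT_SHA>/install.sh | sh -s -- -b /usr/local/bin <PINNED_GOSEC_VERSION>`. The default `/bin/sh -c` pipeline also drops curl's exit status, so either declare a pipefail-capable `SHELL` before this step or download the script to a file, verify it, then run it. Separately, the entrypoint reads `output.sarif` from the working directory, so confirm that `nobody` can write there and has a usable `HOME` for the Go toolchain that `gosec` relies on; the stage's `FROM` line is outside this hunk.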