diff --git a/Dockerfile b/Dockerfile
index 002c9a4aecd..2fdd324c806 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,6 +2,9 @@ FROM cgr.dev/chainguard/go@sha256:74bc9af1d45fd1c8d432a89148c5e413711204636b54ca
 
 RUN adduser -u 1000 -h home/kics -s bin/bash -D kics
 
+RUN chown -hR kics /app/ 
+USER kics
+
 # Copy the source from the current directory to the Working Directory inside the container
 WORKDIR /app
 
@@ -28,9 +31,7 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build \
     -a -installsuffix cgo \
     -o bin/kics cmd/console/main.go
 
-
-RUN chown -hR kics /app/ 
-USER kics
+USER nonroot
 
 # Runtime image
 # Ignore no User Cmd since KICS container is stopped afer scan