diff --git a/Dockerfile b/Dockerfile
index 4e6544c..a9ee948 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,16 @@
 FROM node:22.17.0
 LABEL author="internxt"
+RUN groupadd -r nodeuser && useradd -r -g nodeuser nodeuser
+USER nodeuser
+
 WORKDIR /usr/app
 COPY package.json ./
 COPY yarn.lock ./
 RUN yarn
-COPY . ./
+COPY --chown=nodeuser:nodeuser . ./
 RUN yarn build
diff --git a/development.Dockerfile b/development.Dockerfile
index 076c428..7ffb535 100644
--- a/development.Dockerfile
+++ b/development.Dockerfile
@@ -1,12 +1,14 @@
-FROM node:22.13.1
+FROM node:22.17.0
+RUN groupadd -r nodeuser && useradd -r -g nodeuser nodeuser
+USER nodeuser
 WORKDIR /usr/app
 COPY package.json ./
 COPY yarn.lock ./
 RUN yarn
-COPY . ./
+COPY --chown=nodeuser:nodeuser . ./
 RUN rm -rf dist && yarn build
diff --git a/docker-compose.yml b/docker-compose.yml
index ae386db..1b2ff79 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,8 +1,8 @@
-version: '3.9'
-
 services:
 meet-database:
 image: postgres:15
+ security_opt:
+ - no-new-privileges:true
 container_name: meet-database
 restart: always
 volumes:
@@ -23,6 +23,8 @@ services:
 timeout: 5s
 meet-server:
+ security_opt:
+ - no-new-privileges:true
 container_name: meet-server
 build:
 context: .
@@ -46,3 +48,4 @@ services:
 networks:
 internxt:
 name: internxt
+ external: true
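Review bot: `USER nodeuser` is switched on before `WORKDIR /usr/app`, `COPY package.json ./`, `COPY yarn.lock ./` and `RUN yarn`, so the install and build now run unprivileged against files that are still root-owned: `COPY` without `--chown` writes as UID 0 regardless of `USER`, and `useradd -r` creates no home directory, which yarn may want for its cache. If `RUN yarn` or `RUN yarn build` then fails with a permission error, keep the build steps as root and move `USER nodeuser` to just before the start command; that also lets `COPY . ./` stay root-owned, so the running process cannot rewrite its own code. The development.Dockerfile hunk has the same ordering. The official node image already ships an unprivileged `node` account, so `USER node` would do without the `groupadd`/`useradd` line. The start command is outside the hunk.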
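Review bot: The bumped base in development.Dockerfile, `FROM node:22.17.0`, is still a mutable tag, so a later rebuild can pull different content under the same name. Pinning the digest next to the tag, `FROM node:22.17.0@sha256:<digest-of-the-image-you-verified>`, makes the build reproducible and turns each base upgrade into a visible diff. The `FROM` line in Dockerfile, which this commit leaves unchanged, would benefit from the same pin.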
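Review bot: `no-new-privileges:true` on `meet-server` only blocks privilege gain through setuid/setgid binaries; the container still starts with Docker's default capability set. Since the image is now meant to run as a non-root user, the service can probably also take `cap_drop: [ALL]`, provided it listens on a port above 1023. The port mapping and the rest of the service definition are outside the hunk, so confirm that before adding it.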
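Review bot: `external: true` changes who owns the `internxt` network: Compose no longer creates it, so `docker compose up` fails on a host where it does not already exist, and any container from another project attached to it can reach the services here, presumably including `meet-database`. A comment on the line would record the prerequisite, e.g. `# shared network, create once with: docker network create internxt`. If only `meet-server` has to be reachable from other stacks, keeping the database on a separate project-local network would preserve its isolation. The services' own `networks:` entries are outside the hunk, so confirm which of them join `internxt`.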