- Remove database port exposure from docker-compose.yml - Create non-root users in the Dockerfiles - Implement Docker secrets management by creating secrets/ directory and to use secret files instead of hardcoded credentials - Add security contexts and resource limits including no-new-privileges, read-only filesystem, capability dropping, and CPU/memory constraints - Update base images to latest stable versions - Implement health checks and monitoring in both Dockerfiles with proper interval, timeout, and retry configurations
