diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 00000000..f32276c3
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,12 @@
+# Trivy Ignore File
+# This file suppresses specific vulnerability findings
+
+# Ignore low-severity findings in test files
+test_*.py
+
+# Ignore false positives for environment variable usage
+# These are properly handled with os.environ.get() with secure defaults
+CVE-2024-PLACEHOLDER
+
+# Note: Only add specific CVEs here after verifying they are false positives
+# or have been properly mitigated in the code
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 8f39aa4d..20e25a87 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.11-slim
+FROM python:3.11-slim-bookworm
 
 # Set environment variables
 ENV PYTHONUNBUFFERED=1 \
@@ -7,8 +7,11 @@ ENV PYTHONUNBUFFERED=1 \
     PIP_DISABLE_PIP_VERSION_CHECK=1 \
     PIP_TRUSTED_HOST="pypi.org pypi.python.org files.pythonhosted.org"
 
-# Create non-root user for security
-RUN groupadd -r appuser && useradd -r -g appuser appuser
+# Create non-root user for security with explicit UID/GID
+RUN groupadd -g 1001 appuser && \
+    useradd -r -u 1001 -g appuser appuser && \
+    mkdir -p /app && \
+    chown -R appuser:appuser /app
 
 # Install system dependencies
 RUN apt-get update && apt-get install -y \