diff --git a/Dockerfile b/Dockerfile
index 4ee8a3c..16b627b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,28 @@
 FROM python:3.12-slim-trixie
 COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
+WORKDIR /app
+RUN chmod -R go-w /app
+RUN useradd -m appuser
+RUN chown -R appuser:appuser /app
 
-# Copy the project into the image
-COPY . /app
+HEALTHCHECK CMD python -c "import socket; socket.create_connection(('localhost', 8080), 2)" || exit 1
+USER appuser
 
 # Disable development dependencies
 ENV UV_NO_DEV=1
 
+# Install dependencies
+RUN --mount=type=cache,target=/root/.cache/uv \
+    --mount=type=bind,source=uv.lock,target=uv.lock \
+    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+    uv sync --locked --no-install-project
+
+# Copy the project into the image
+COPY . /app
+
 # Sync the project into a new environment, asserting the lockfile is up to date
-WORKDIR /app
-RUN uv sync --locked
+
+RUN --mount=type=cache,target=/root/.cache/uv \
+    uv sync --locked
 # Run the application
 CMD ["uv", "run", "main.py"]