diff --git a/.dockerignore b/.dockerignore
index ebd04512957abde0917798fb51584b6bf6087cf6..914a2f32b27a0766aa37f4dbfcd4c2953c479bfc 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,5 @@
+.git/
+
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
diff --git a/Dockerfile b/Dockerfile
index 4e2293a7e9e78f87bd52bf367d7458a39f8dde78..188fa8332cb15d81da58be606fe4ac9642aef179 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,32 @@
-FROM python:3.10.2-slim-bullseye
+FROM debian:bullseye-20220228-slim
+
+# add python virtualenv and tools dir to path to be able to invoke commands
+ENV PATH="/iac-scan-runner/.venv/bin:/iac-scan-runner/tools:$PATH"
+CMD ["uvicorn", "iac_scan_runner.api:app", "--host", "0.0.0.0", "--port", "80"]
+
+# set working directory
+WORKDIR /iac-scan-runner/src
 
-# copy all files
 COPY . /iac-scan-runner
-WORKDIR /iac-scan-runner
 
-# install system and API requirements
-RUN apt-get update \
-    && apt-get -y install build-essential bash gcc git openssh-client ruby-full curl wget default-jdk nodejs npm \
+RUN cd /iac-scan-runner \
+    && apt-get update \
+    && apt-get -y install --no-install-recommends \
+        build-essential \
+	bash \
+	gcc \
+	git \
+	openssh-client \
+	curl \
+	wget \
+	openjdk-17-jre \
+	ruby2.7 \
+	nodejs \
+	npm \
+	unzip \
+	python3 \
+	python3-pip \
+	python3-venv \
     && apt-get update \
     && mkdir -p /usr/share/man/man1 \
     && npm i npm@latest -g \
@@ -14,14 +34,18 @@ RUN apt-get update \
     && . .venv/bin/activate \
     && pip3 install --upgrade pip \
     && pip install -r requirements.txt \
-    && ./install-checks.sh
+    && ./install-checks.sh \
+    && npm uninstall npm \
+    && apt-get -y remove \
+        build-essential \
+	gcc \
+	npm \
+	curl \
+	wget \
+    && apt-get autoremove -y \
+    && apt-get autoclean -y \
+    && apt-get clean -y \
+    && rm -rf /var/lib/apt/lists/* \
+    && rm -rf /var/cache/* \
+    && rm -rf /root/.cache/
 
-#add python virtualenv and tools dir to path to be able to invoke commands
-ENV PATH="/iac-scan-runner/.venv/bin:$PATH"
-ENV PATH="/iac-scan-runner/tools:$PATH"
-
-# set working directory
-WORKDIR /iac-scan-runner/src
-
-# start the API
-CMD ["uvicorn", "iac_scan_runner.api:app", "--host", "0.0.0.0", "--port", "80"]
diff --git a/install-checks.sh b/install-checks.sh
index 19a354d7b393a0fb85a2e375cb74aafab07a4abc..638664afdb7fa25dcccf797ed312882e1588d771 100755
--- a/install-checks.sh
+++ b/install-checks.sh
@@ -6,7 +6,7 @@ export ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 export VIRTUALENV_DIR="${ROOT_DIR}/.venv"
 export TOOLS_DIR="${ROOT_DIR}/tools"
 export TMP_DIR="${TOOLS_DIR}/tmp"
-export NODE_MODULES_DIR="${TOOLS_DIR}/node_modules"
+export NODE_MODULES_DIR="${ROOT_DIR}/node_modules"
 export CONFIG_DIR="${ROOT_DIR}/config"
 # env vars for check executables
 export OPERA_CHECK_PATH="${VIRTUALENV_DIR}/bin/opera/"
@@ -90,10 +90,7 @@ installMarkdownLintIfNot() {
 
 installRequiredNpmModulesIfNot() {
   if [ ! -f "$NODE_MODULES_DIR" ]; then
-    cp package.json "${TOOLS_DIR}/package.json"
-    cp package-lock.json "${TOOLS_DIR}/package-lock.json"
-    npm i --prefix "${TOOLS_DIR}" --force
-    rm "${TOOLS_DIR}/package.json" "${TOOLS_DIR}/package-lock.json"
+    npm install --force
   fi
 }