diff --git a/.github/workflows/build-centraldashboard.yml b/.github/workflows/build-centraldashboard.yml
index 9ddb72fe3ad..4b0144036f7 100644
--- a/.github/workflows/build-centraldashboard.yml
+++ b/.github/workflows/build-centraldashboard.yml
@@ -33,24 +33,22 @@ jobs:
 docker rmi $(docker image ls -aq)
 df -h
- # Container build and push to a Azure Container registry (ACR)
- - name: Docker build/push
+ # Container build to a Azure Container registry (ACR)
+ - name: Docker build
 run: |
 docker build \
 -t ${{ env.REGISTRY_NAME }}.azurecr.io/kubeflow/centraldashboard:${{ github.sha }} \
 --build-arg kubeflowversion=$(git describe --abbrev=0 --tags) \
 --build-arg commit=$(git rev-parse HEAD) \
 components/centraldashboard/
- docker push ${{ env.REGISTRY_NAME }}.azurecr.io/kubeflow/centraldashboard:${{ github.sha }}
- docker tag ${{ env.REGISTRY_NAME }}.azurecr.io/kubeflow/centraldashboard:${{ github.sha }} \
- ${{ env.REGISTRY_NAME }}.azurecr.io/kubeflow/centraldashboard:${GITHUB_REF#refs/*/}
- docker push ${{ env.REGISTRY_NAME }}.azurecr.io/kubeflow/centraldashboard:${GITHUB_REF#refs/*/}
- # Comment out for now while https://github.com/Azure/container-scan/issues/122 is still open
- # ALSO should re-order this to actuall have it block the push if there is a critical severity
 # Scan image for vulnerabilities
- #- uses: Azure/container-scan@v0
- # with:
- # image-name: ${{ env.REGISTRY_NAME }}.azurecr.io/kubeflow/centraldashboard:${{ github.sha }}
- # severity-threshold: CRITICAL
- # run-quality-checks: false
+ - uses: Azure/container-scan@v0
+ with:
+ image-name: ${{ env.REGISTRY_NAME }}.azurecr.io/kubeflow/centraldashboard:${{ github.sha }}
+ severity-threshold: CRITICAL
+ run-quality-checks: false
+ - name: Docker push
+ run: |
+ docker push ${{ env.REGISTRY_NAME }}.azurecr.io/kubeflow/centraldashboard:${{ github.sha }}
+ # Push once, https://github.com/StatCan/kubeflow/pull/87
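Review bot: `Azure/container-scan@v0` is referenced by a mutable tag, and with this reordering it becomes the gate that decides whether the image reaches ACR; pin it to a full commit SHA, e.g. `- uses: Azure/container-scan@<full-commit-sha>  # v0`, so a retagged release cannot change what the gate does. The removed comment gave Azure/container-scan issue 122 as the reason the step was disabled, and nothing in the hunk says that issue is resolved, so confirm that the step fails the job on a CRITICAL finding rather than erroring out for an unrelated reason or passing silently. The trailing `# Push once, …` comment would be clearer placed above the `Docker push` step, stating that the ref-name tag is intentionally no longer pushed.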
diff --git a/components/centraldashboard/Dockerfile b/components/centraldashboard/Dockerfile
index 1d17384aad5..a1f14d57021 100644
--- a/components/centraldashboard/Dockerfile
+++ b/components/centraldashboard/Dockerfile
@@ -1,5 +1,7 @@
 # Step 1: Builds and tests
-FROM node:12.22.12-alpine AS build
+# This is a long-lived tag, if there is a vulnerability
+# sometimes a rebuild will set you on your way.
+FROM node:16-alpine AS build
 ARG kubeflowversion
 ARG commit
@@ -13,11 +15,14 @@ RUN apk update && apk upgrade && \
 echo @stable http://nl.alpinelinux.org/alpine/v3.15/community >> /etc/apk/repositories && \
 echo @stable http://nl.alpinelinux.org/alpine/v3.15/main >> /etc/apk/repositories
-RUN apk add --no-cache bash chromium@stable nss@stable \
- freetype@stable \
- harfbuzz@stable \
- ttf-freefont@stable \
- libstdc++@stable
+RUN apk add --no-cache \
+ bash \
+ chromium \
+ nss \
+ freetype \
+ harfbuzz \
+ ttf-freefont \
+ libstdc++
 RUN if [ "$(uname -m)" = "aarch64" ]; then \
 apk update && apk upgrade && \
@@ -31,16 +36,17 @@ RUN npm rebuild && \
 if [ "$(uname -m)" = "aarch64" ]; then \
 export CFLAGS=-Wno-error && \
 export CXXFLAGS=-Wno-error && \
- npm install; \
+ npm install --legacy-peer-deps; \
 else \
- npm install; \
+ npm install --legacy-peer-deps; \
 fi && \
 npm test && \
- npm run build && \
- npm prune --production
-
+ # --legacy-peer-deps is required in the update to node16
+ # https://github.com/pugjs/pug-loader/issues/126#issuecomment-796517327
+ npm run build --legacy-peer-deps && \
+ npm prune --production --legacy-peer-deps
 # Step 2: Packages assets for serving
-FROM node:12.22.12-alpine AS serve
+FROM node:16-alpine AS serve
 ENV NODE_ENV=production
 WORKDIR /app
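Review bot: `FROM node:16-alpine AS build` replaces an exact version with a floating tag, so two builds of the same commit can produce different images, and whatever the tag points to upstream is pulled without review. The added comment explains the intent (pick up fixes on rebuild); the same effect is available reproducibly by pinning a digest that a dependency bot bumps, e.g. `FROM node:16-alpine@sha256:<digest-placeholder> AS build`. The same applies to `FROM node:16-alpine AS serve` in the last hunk of this file, which is the stage that ships.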
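Review bot: With the `@stable` suffixes dropped, no package in this `RUN apk add` uses the `@stable` repositories that the context lines just above still append to `/etc/apk/repositories`. Those entries are fetched over plain `http://` from the v3.15 branch, which may not match the Alpine release underneath `node:16-alpine`. If the aarch64 block that follows (cut off by the hunk) does not need them, drop the two `echo @stable …` lines; otherwise switch them to `https://` and add a comment such as `# @stable repos are only used by the aarch64 branch below`. The packages are now unpinned as well, so the installed chromium version follows whatever the base image's repositories carry at build time.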
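Review bot: Both branches still run `npm install`, which resolves dependencies afresh and may rewrite the lockfile; if a `package-lock.json` is committed (not visible here), `npm ci --legacy-peer-deps; \` installs exactly what is locked and fails on drift, which matters more now that peer-dependency checks are relaxed. On `npm run build --legacy-peer-deps` the flag appears to be consumed by npm as a config option rather than passed to the build script, so it likely has no effect there and can be dropped. After this change the `if`/`else` branches differ only in the `CFLAGS`/`CXXFLAGS` exports, so the install command could be written once after the `fi`. The enclosing `RUN` starts above the hunk.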