diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3189bd87..4aa6231c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -137,6 +137,7 @@ jobs:
 run: |
 cargo build
 mkdir -p binaries
+ # Same binary for both arch variants — scan-only, not for deployment
 cp target/debug/zeph binaries/zeph-amd64
 cp target/debug/zeph binaries/zeph-arm64
 env:
@@ -153,7 +154,7 @@ jobs:
 cache-from: type=gha
 cache-to: type=gha,mode=max
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@0.34.0
 with:
 image-ref: zeph:local
 format: sarif
@@ -161,6 +162,7 @@ jobs:
 severity: CRITICAL,HIGH
 ignore-unfixed: true
 exit-code: '1'
+ limit-severities-for-sarif: true
 - name: Upload Trivy results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v4
 if: always()
diff --git a/Dockerfile b/Dockerfile
index 68607db2..e5cd8900 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,17 +1,12 @@
-FROM container-registry.oracle.com/os/oraclelinux:9-slim
+FROM debian:bookworm-slim
 
 ARG TARGETARCH
 
-RUN microdnf update -y && \
- (microdnf module enable nodejs:25 -y 2>/dev/null || \
- microdnf module enable nodejs:24 -y 2>/dev/null || \
- microdnf module enable nodejs:22 -y 2>/dev/null || \
- microdnf module enable nodejs:20 -y) && \
- microdnf install -y \
- shadow-utils ca-certificates \
- curl wget git jq file findutils iproute procps-ng systemd util-linux \
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ ca-certificates \
+ curl wget git jq file findutils iproute2 procps \
 nodejs npm python3 && \
- microdnf clean all && \
+ rm -rf /var/lib/apt/lists/* && \
 useradd --system --create-home --shell /sbin/nologin zeph
 
 WORKDIR /app
diff --git a/Dockerfile.dev b/Dockerfile.dev
index 1a3317a1..8dbc7709 100644
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
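Review bot: Pinning `aquasecurity/trivy-action@0.34.0` still trusts a mutable git tag, which the upstream maintainer (or anyone who later gains push access to that repository) can move to different code, and the scanner runs with the job's token in scope. GitHub's hardening guidance for third-party actions is to pin the commit and keep the version as a comment: `uses: aquasecurity/trivy-action@<40-char commit sha> # v0.34.0`, which Dependabot and Renovate both understand and will keep bumping. `github/codeql-action/upload-sarif@v4` in the next hunk is first-party, so a major tag there is a more defensible trade-off, but if the repository's policy is "pin third-party by SHA" it should be stated in a comment so the next contributor does not revert to a tag.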
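Review bot: `limit-severities-for-sarif: true` sitting under the existing `ignore-unfixed: true` means CRITICAL/HIGH findings that have no upstream fix never reach the Security tab at all, not merely the exit code, so the dashboard silently under-reports; that may be intended, but nothing in the hunk records it. I would add above the new line `# SARIF is filtered to the gating severities; unfixed CRITICAL/HIGH are hidden too (ignore-unfixed)` so nobody later treats the tab as a full inventory. If an inventory is wanted, a second non-gating scan with `ignore-unfixed: false` and `exit-code: '0'` feeding the same upload step is the usual pattern.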
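Review bot: Moving the runtime image to `debian:bookworm-slim` quietly changes which Node.js ships in the container: the removed lines insisted on the `nodejs:20`–`25` module streams, whereas bookworm's `nodejs` package is, as far as I recall, the 18.x series, whose upstream support has ended and which now only receives Debian's own backported fixes. If the Node-based tooling in this image needs 20+, that is a functional regression as well as a supply-chain one; either install Node in the same `RUN` from a pinned, checksum-verified upstream tarball, or record the downgrade with a comment such as `# bookworm ships Node 18 (upstream EOL); revisit when moving base` so it is not rediscovered by an incident. Independently, `debian:bookworm-slim` is a mutable tag, so the Trivy gate in CI can flip from green to red with no change in this repository; pinning `FROM debian:bookworm-slim@sha256:…` (digest maintained by Renovate/Dependabot) makes each failure attributable to a specific base and makes `ignore-unfixed` decisions reproducible. The `useradd` line keeps `--shell /sbin/nologin`, which resolves on merged-/usr bookworm via the `/sbin` symlink, but `/usr/sbin/nologin` is the path Debian itself uses and is the safer spelling if the base is ever changed again.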
@@ -2,10 +2,6 @@ FROM rust:1.88-slim AS builder
 
 ARG CARGO_FEATURES=""
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
- pkg-config libssl-dev && \
- rm -rf /var/lib/apt/lists/*
-
 WORKDIR /build
 
 # Cache dependencies in a separate layer
@@ -28,18 +24,13 @@ RUN touch src/main.rs && \
 for d in crates/*/src/lib.rs; do touch "$d"; done && \
 cargo build --release ${CARGO_FEATURES:+--features $CARGO_FEATURES}
 
-FROM container-registry.oracle.com/os/oraclelinux:9-slim
+FROM debian:bookworm-slim
 
-RUN microdnf update -y && \
- (microdnf module enable nodejs:25 -y 2>/dev/null || \
- microdnf module enable nodejs:24 -y 2>/dev/null || \
- microdnf module enable nodejs:22 -y 2>/dev/null || \
- microdnf module enable nodejs:20 -y) && \
- microdnf install -y \
- shadow-utils ca-certificates \
- curl wget git jq file findutils iproute procps-ng systemd util-linux \
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ ca-certificates \
+ curl wget git jq file findutils iproute2 procps \
 nodejs npm python3 && \
- microdnf clean all && \
+ rm -rf /var/lib/apt/lists/* && \
 useradd --system --create-home --shell /sbin/nologin zeph
 
 WORKDIR /app
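Review bot: The final stage's new package list carries no TLS library, and the first hunk also drops `pkg-config libssl-dev` from the builder, so this image is only correct if the Rust binary links no system OpenSSL (rustls, or a vendored static build); nothing in either hunk states that assumption. A one-line comment above the new `RUN apt-get` line, `# No libssl3 here: the binary must not link system OpenSSL (rustls/vendored only)`, would stop a later `native-tls` feature from producing an image whose entrypoint fails at startup after the build happens to succeed elsewhere. This stage is otherwise a verbatim copy of the runtime stage in `Dockerfile`, including the unpinned `debian:bookworm-slim` tag and the `/sbin/nologin` shell path, so any digest pin or Node-version decision made there has to be mirrored here or the dev and release images will drift. The stage continues past the hunk, so I cannot see whether `USER zeph` is set before the entrypoint.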