diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 93ec5bf..1ac7017 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,6 +15,8 @@ jobs:
 steps:
 - name: Checkout Code
 uses: actions/checkout@v4
+ with:
+ persist-credentials: false
 
 - name: Install PHP
 uses: shivammathur/setup-php@v2
@@ -50,9 +52,12 @@ jobs:
 uses: actions/checkout@v4
 with:
 ref: master
+ persist-credentials: false
 
 - name: Checkout Code
 uses: actions/checkout@v4
+ with:
+ persist-credentials: false
 
 - name: Install PHP
 uses: shivammathur/setup-php@v2
@@ -63,12 +68,17 @@ jobs:
 run: composer update --prefer-stable --prefer-dist --no-progress
 
 - name: Lint Code
- uses: super-linter/super-linter@v7
+ uses: super-linter/super-linter@v8.3.1
 env:
 FILTER_REGEX_EXCLUDE: .*vendor.*
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ VALIDATE_BIOME_FORMAT: false
+ VALIDATE_BIOME_LINT: false
 VALIDATE_CHECKOV: false
+ VALIDATE_GITHUB_ACTIONS_ZIZMOR: false
 VALIDATE_JSCPD: false
- VALIDATE_PHP_PSALM: false
+ VALIDATE_PHP_BUILTIN: false
+ VALIDATE_PHP_PHPCS: false
 VALIDATE_PHP_PHPSTAN: false # temporary disabled until superlinter supports phpstan 2
+ VALIDATE_PHP_PSALM: false
 VALIDATE_YAML_PRETTIER: false
diff --git a/Dockerfile b/Dockerfile
index 460aa40..2e3e8a3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,9 +4,10 @@ FROM php:7.4
 RUN apt-get update \
 && apt-get install -y --no-install-recommends libxml2-dev \
 && rm -rf /var/lib/apt/lists/* \
- && docker-php-source extract \
- && cd /usr/src/php \
- && ./configure --enable-phpdbg \
+ && docker-php-source extract
+
+WORKDIR /usr/src/php
+RUN ./configure --enable-phpdbg \
 && docker-php-source delete
 
 # Install composer and required packages
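Review bot: In the third hunk of `.github/workflows/ci.yml`, `VALIDATE_GITHUB_ACTIONS_ZIZMOR: false` turns off the workflow security audit with no reason given, unlike the `VALIDATE_PHP_PHPSTAN` line, which says why it is disabled. I would keep that check enabled, or at least record the exemption with a comment such as `# disabled until the existing workflow findings are resolved`; the four other newly disabled validators deserve the same kind of comment. The linter step also receives `GITHUB_TOKEN`, yet the action is referenced by a tag that can be moved, so pinning it as `uses: super-linter/super-linter@<full-commit-sha> # v8.3.1` would make the reference immutable. The job's `permissions:` block is not visible in these hunks, so the scope of that token cannot be judged from here.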
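Review bot: Splitting the build step into two `RUN` instructions in the first `Dockerfile` hunk means the tree unpacked by `docker-php-source extract` is committed in the first layer, so the `docker-php-source delete` in the second layer no longer removes it from the image. Setting `WORKDIR` first and keeping extract, configure and delete in a single `RUN` avoids both the `cd` and the extra layer. This assumes `docker-php-source extract` accepts an already existing, empty target directory, which should be confirmed against the base image's script. The `RUN` that follows the trailing comment line starts outside this hunk.

```dockerfile
# … unchanged: apt-get install of libxml2-dev, ending at `rm -rf /var/lib/apt/lists/*` …
WORKDIR /usr/src/php
RUN docker-php-source extract \
    && ./configure --enable-phpdbg \
    && docker-php-source delete
```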
@@ -14,6 +15,15 @@ RUN apt-get update \
 && apt-get install -y --no-install-recommends unzip \
 && rm -rf /var/lib/apt/lists/*
 
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
 
 WORKDIR /app
+
+# Add healthcheck
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+ CMD php -v || exit 1
+
+# Run as non-root user
+RUN useradd -m -u 1000 appuser && chown -R appuser:appuser /app
+USER appuser
diff --git a/README.md b/README.md
index 14d3a1c..654a346 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ includes:
 
 ## Install for Local Development
 
-### With docker
+### With Docker
 
 ```bash
 git clone git@github.com:timeweb/phpstan-enum.git
@@ -41,7 +41,7 @@ make install
 make phpunit
 ```
 
-### Without docker (localy installed actual version of php, composer, etc)
+### Without Docker (localy installed actual version of php, composer, etc)
 
 ```bash
 git clone git@github.com:timeweb/phpstan-enum.git
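Review bot: In the second `Dockerfile` hunk, the added `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` only helps when `curl` exits non-zero, and `curl -sS` exits 0 on an HTTP error response, so an error page would still be piped into `php`; `curl -fsS` closes that gap. The installer also runs during the build, before `USER appuser` takes effect, without being checked against a pinned checksum. I would download it to a file, compare its `hash_file('sha384', ...)` value with `<expected-installer-sha384>`, and only then execute it. The new `HEALTHCHECK` runs `php -v`, which shows only that the binary starts, so it is worth confirming that a health check is wanted for this image at all. The `RUN apt-get update` instruction whose continuation lines open this hunk starts outside it.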