diff --git a/app/Dockerfile b/app/Dockerfile
index 8cf2ac45..c2137079 100644
--- a/app/Dockerfile
+++ b/app/Dockerfile
@@ -1,7 +1,7 @@
 # This file is largely based on the template-application-flask Dockerfile and
 # Next.js Docker example: https://github.com/vercel/next.js/blob/canary/examples/with-docker-compose
 # =============================================================================
-FROM node:18-alpine AS base
+FROM node:18-bullseye-slim AS base
 WORKDIR /app
 # Install dependencies
@@ -56,9 +56,13 @@ RUN npm run build -- --no-lint
 # Run the Next.js server
 # =====================================
 # Use clean image for release, excluding any unnecessary files or dependencies
-FROM node:18-alpine AS release
+FROM node:18-bullseye-slim AS release
 WORKDIR /app
+# Release stage doesn't have a need for `npm`, so remove it to avoid
+# any vulnerabilities specific to NPM
+RUN npm uninstall -g npm
+
 # Don't run production as root
 RUN addgroup --system --gid 1001 nodejs
 RUN adduser --system --uid 1001 nextjs
@@ -81,4 +85,4 @@ ENV PORT 3000
 EXPOSE 3000
-CMD ["node", "server.js"]
\ No newline at end of file
+CMD ["node", "server.js"]
diff --git a/app/Makefile b/app/Makefile
index 42e09670..84b4cdbb 100644
--- a/app/Makefile
+++ b/app/Makefile
@@ -27,6 +27,7 @@ export RUN_UID
 ##################################################
 release-build:
 docker buildx build \
+ --target release \
 --platform=linux/amd64 \
 --build-arg RUN_USER=$(RUN_USER) \
 --build-arg RUN_UID=$(RUN_UID) \
@@ -45,4 +46,4 @@ storybook: # Run the Storybook local dev server in Docker
 docker compose logs --follow storybook
 stop:
- docker-compose down
\ No newline at end of file
+ docker-compose down
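Review bot: The new base `node:18-bullseye-slim` in the first app/Dockerfile hunk is a floating tag, so two builds of the same commit can pull different images and a scan result cannot be tied to what was actually shipped. Pinning by digest closes that gap, e.g. `FROM node:18-bullseye-slim@sha256:<digest> AS base` (placeholder digest, to be taken from the registry), with a comment naming the tag it corresponds to. The same applies to the `AS release` line in the second hunk, which is the image that reaches production. The `base` stage continues outside the hunk.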
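Review bot: `RUN npm uninstall -g npm` in the release stage (second app/Dockerfile hunk) removes npm only in a new layer on top of the base image, so the npm files are still stored in the layer underneath. The image does not shrink, and a scanner that inspects layers rather than the final filesystem can keep reporting npm findings. As far as I know the official node images also bundle yarn and corepack, which this line leaves installed, so the added comment overstates what is gone. I would make the limit explicit in the comment, for example `# Hides npm from the final filesystem only; the base image layer still contains it`, and track a follow-up to copy only the runtime into a smaller base. The release stage continues outside the hunk.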