diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 9604700..df6f69d 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -3,7 +3,7 @@
 # separate terms of service, privacy policy, and support
 # documentation.
-name: Trivy vulnerability scan
+name: Trivy Vulnerability Scan
 on:
 push:
@@ -22,7 +22,7 @@ permissions:
 jobs:
 build:
-name: Trivy vulnerability scan
+name: Vulnerability scan
 permissions:
 contents: read # for actions/checkout to fetch code
 security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
@@ -40,8 +40,7 @@ jobs:
 uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54
 with:
 image-ref: 'docker.io/${{ env.IMAGE_NAME }}:trivy-${{ github.sha }}'
-format: 'template'
-template: '@/contrib/sarif.tpl'
+format: 'sarif'
 output: 'trivy-results.sarif'
 severity: 'CRITICAL,HIGH'
diff --git a/Dockerfile b/Dockerfile
index a05b39a..f0ebcae 100644
--- a/Dockerfile
+++ b/Dockerfile
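Review bot: The new `format: 'sarif'` line replaces the `format: 'template'` / `template: '@/contrib/sarif.tpl'` pair without saying why, so the next maintainer has to dig through trivy-action history to learn that the contrib template is no longer needed; I'd put `# native SARIF output; the contrib/sarif.tpl template is no longer required` above it (presumably the reason, confirm against the pinned action revision). It is also worth a one-line comment next to `severity: 'CRITICAL,HIGH'` that MEDIUM and lower findings never reach `trivy-results.sarif` and therefore never show up as code-scanning alerts, since that filter silently scopes what the dashboard reports. The step's `- name:` line and the SARIF upload step referenced by the `security-events: write` comment sit outside this hunk.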
@@ -39,24 +39,30 @@ LABEL org.opencontainers.image.created=${BUILD_DATE} \
 ################################################### ############################
 # Install chronyd and necessary packages
-RUN apk add --update --no-cache bind ca-certificates tzdata \
+RUN apk --update --no-cache upgrade \
+&& apk add --update --no-cache bind ca-certificates tzdata \
+&& rm -rf /var/cache/apk/* \
 && update-ca-certificates \
 && cp /usr/share/zoneinfo/${TZ} /etc/localtime \
-&& echo $TZ > /etc/timezone
+&& echo $TZ > /etc/timezone \
+&& mkdir -p /etc/bind /var/lib/bind /var/cache/bind \
+&& chown -R named:named /etc/bind /var/lib/bind \
+&& chown -R root:named /var/cache/bind \
+&& chmod -R u+rw,g+rw,o-rwx /var/cache/bind /var/lib/bind \
+&& chmod -R u+rw,g+w,g-w,o-rwx /etc/bind
 ###############################################################################
 # Copy files
-COPY container-files/entrypoint.sh /entrypoint.sh
 COPY container-files/named.conf /etc/bind/named.conf
 COPY container-files/db.* /var/lib/bind/zones/
 ###############################################################################
-# Healthcheck
-HEALTHCHECK CMD dig +norecurse +short +retry=0 @127.0.0.1 localhost || exit 1
+# Run in non-root context
+USER named
 ###############################################################################
 # Start chronyd
-CMD [ "/bin/sh", "entrypoint.sh" ]
+CMD [ "/usr/sbin/named", "-g", "-u", "named", "-c", "/etc/bind/named.conf" ]
 ###############################################################################
 #EOF
\ No newline at end of file
diff --git a/container-files/db.10.in-addr.arpa b/container-files/db.10.in-addr.arpa
index 1217a8a..e145d41 100644
--- a/container-files/db.10.in-addr.arpa
+++ b/container-files/db.10.in-addr.arpa
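Review bot: `USER named` starts named unprivileged, so binding port 53 only works where the runtime lowers `net.ipv4.ip_unprivileged_port_start` inside the container (Docker 20.10+ does, I believe; Kubernetes and other runtimes may not) or the binary carries `cap_net_bind_service`; that assumption deserves a comment above `USER named` or an explicit capability step in the RUN chain, and with the process already unprivileged the `-u named` in the new CMD is redundant at best (confirm named accepts it when not root). The `chown`/`chmod` calls run before the `COPY` lines, so `named.conf` and the `zones/` directory that COPY creates remain root-owned; a root-owned read-only config is actually preferable, but if any zone needs journal files named cannot write under `zones/`, hence `COPY --chown=named:named container-files/db.* /var/lib/bind/zones/`. The `HEALTHCHECK` disappears together with the entrypoint although nothing in the new CMD replaces it, so the image loses its liveness signal; re-adding the removed `dig` line keeps it (assuming `dig` is still present in the image as before). Smaller points: `g+w,g-w` in the `/etc/bind` chmod cancels itself out, so write `u+rw,g-w,o-rwx`; `rm -rf /var/cache/apk/*` is redundant with `--no-cache`; and the `# Start chronyd` comment directly above the new CMD (like `# Install chronyd` above the RUN) should say named.
```dockerfile
# … unchanged: apk upgrade/install, update-ca-certificates, timezone setup, mkdir, chown …
    && chmod -R u+rw,g+rw,o-rwx /var/cache/bind /var/lib/bind \
    && chmod -R u+rw,g-w,o-rwx /etc/bind
###############################################################################
# Copy files — COPY runs after the chown above, so set the owner explicitly where named must write
COPY container-files/named.conf /etc/bind/named.conf
COPY --chown=named:named container-files/db.* /var/lib/bind/zones/
###############################################################################
# Healthcheck (runs as the unprivileged USER set below)
HEALTHCHECK CMD dig +norecurse +short +retry=0 @127.0.0.1 localhost || exit 1
###############################################################################
# Run in non-root context: the runtime must allow an unprivileged bind to port 53
USER named
# … unchanged: CMD …
```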
@@ -16,6 +16,7 @@ $TTL 3600
 3.53.10 3600 IN PTR ns02.example.com.
 129.31.124 3600 IN PTR server01.example.com.
 13.235.221 3600 IN PTR server02.example.com.
+1.33.234 3600 IN PTR time.example.com.
 ; -----------------------------------------------------------------------------
 ; EOF
diff --git a/container-files/db.example.com b/container-files/db.example.com
index c4a47f6..ff456df 100644
--- a/container-files/db.example.com
+++ b/container-files/db.example.com
@@ -18,6 +18,7 @@ ns01 3600 IN A 10.0.0.132
 ns02 3600 IN A 10.3.53.10
 server01 3600 IN A 10.129.31.124
 server02 3600 IN A 10.13.235.221
+time 3600 IN A 10.1.33.234
 ; -----------------------------------------------------------------------------
 ; EOF
\ No newline at end of file
diff --git a/container-files/entrypoint.sh b/container-files/entrypoint.sh
deleted file mode 100755
index 4500708..0000000
--- a/container-files/entrypoint.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-# =============================================================================
-# Container entrypoint
-# Bind Name Server Container
-# https://github.com/aessing/bind-container
-# -----------------------------------------------------------------------------
-# Developer.......: Andre Essing (https://github.com/aessing)
-# (https://www.linkedin.com/in/aessing/)
-# -----------------------------------------------------------------------------
-# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
-# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
-# =============================================================================
-mkdir -p /var/cache/bind
-chown -R named:named /etc/bind /var/lib/bind
-chown -R root:named /var/cache/bind
-chmod -R u+rw,g+rw,o-rwx /var/cache/bind /var/lib/bind
-chmod -R u+rw,g+w,g-w,o-rwx /etc/bind
-/usr/sbin/named -u named -c /etc/bind/named.conf -g
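Review bot: The new PTR owner `1.33.234` inside `10.in-addr.arpa` names 10.234.33.1, not the 10.1.33.234 that `db.example.com` assigns to `time`; in-addr.arpa labels are the remaining octets in reverse order, so the record should read `234.33.1 3600 IN PTR time.example.com.`. The three existing PTRs in the context lines (`3.53.10`, `129.31.124`, `13.235.221`) follow the same non-reversed pattern and so look wrong for ns02, server01 and server02 as well; fixing them in the same change keeps forward and reverse lookups consistent, which matters for anything that validates clients by reverse lookup. Neither this hunk nor the `db.example.com` one touches the SOA, which sits above both hunks, so confirm the serial was bumped or secondaries will never pick up the new records.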