Instead of an Alpine container for the program, transition to a distroless container.
By design, these containers contain no shell, no packager manager, or anything you'd expect to find in a standard distribution. This heavily limits what a theoretical attacker can do because this container only has one job: run the application.
* Added multi-staged container build and a user
This reduces the image size from 2Gb to 92Mb by only put the necessary files into the container.
Container now runs without root priviliges.
* Add EXPOSE to Dockerfile