diff --git a/Dockerfile b/Dockerfile
index 0e713c3..ee372ce 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,20 +30,21 @@ RUN echo "Building for $GOARCH" \
 && ln -sf `pwd` ${GOPATH}/src/github.com/kubernetes-sigs/dashboard-metrics-scraper \
 && GOARCH=${GOARCH} hack/build.sh
 
+# Create a nonroot user for final image
+RUN useradd -u 10001 nonroot
+
 # Final stage: the running container.
 FROM scratch AS final
 
-# Import the Certificate-Authority certificates for enabling HTTPS.
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-
 # Import the compiled executable from the second stage.
 COPY --from=builder /metrics-sidecar /metrics-sidecar
 
-# We need a tmp folder too
-COPY --from=builder /tmp /tmp
+# Copy nonroot user
+COPY --from=builder /etc/passwd /etc/passwd
 
 # Declare the port on which the webserver will be exposed.
 EXPOSE 8080
+USER nonroot
 
 # Run the compiled binary.
 ENTRYPOINT ["/metrics-sidecar"]
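Review bot: `USER nonroot` near the end of the final stage selects the account by name, which Kubernetes cannot check against `runAsNonRoot: true`; the kubelet refuses to start an image whose user is non-numeric because it cannot verify that the name is not UID 0. Since the builder stage already fixes the UID with `useradd -u 10001`, use `USER 10001` so that the non-root guarantee is enforceable by the runtime. The same hunk stops copying `/tmp`, so the scratch image has no writable directory for UID 10001; if the binary writes temporary or database files there (not visible in this hunk), the deployment must mount a writable volume, and a comment saying so above `USER` would help. The builder stage that holds the new `RUN useradd` starts outside the hunk.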