diff --git a/Dockerfile b/Dockerfile
index 3900a025fa..9c178cc161 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,8 +17,9 @@ COPY . /go/src/github.com/supabase/auth
 # Make sure you change the RELEASE_VERSION value before publishing an image.
 RUN RELEASE_VERSION=unspecified make build
 
-# Always use alpine:3 so the latest version is used. This will keep CA certs more up to date.
-FROM alpine:3
+# Pin to a specific minor version for reproducibility and security.
+# Update this version periodically to get security patches and updated CA certs.
+FROM alpine:3.23
 RUN adduser -D -u 1000 supabase
 
 RUN apk add --no-cache ca-certificates