diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 4646e7f..daeb361 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,12 +1,21 @@
 FROM mcr.microsoft.com/devcontainers/base:ubuntu
 
+# add healthcheck
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost/ || exit 1
+
+# create non-root user
+RUN useradd -m -s /bin/bash devuser
+USER devuser
+
 # Set non-interactive mode for APT
 ENV DEBIAN_FRONTEND=noninteractive
 
 # Install necessary packages
+# trunk-ignore(hadolint/DL3008)
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    build-essential \
-    curl \
+    build-essential=12.9ubuntu3 \
+    curl=7.81.0-1ubuntu1.15 \
     git \
     libssl-dev \
     pkg-config \
diff --git a/Dockerfile b/Dockerfile
index 4caa5a8..29e0a89 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,15 +1,20 @@
 FROM rust:1.82 AS builder
+RUN groupadd -r appuser && useradd -r -g appuser appuser
 WORKDIR /usr/src/app
 COPY . .
-RUN cargo build --release
+RUN cargo build --release && \
+    chown -R appuser:appuser /usr/src/app
+USER appuser
 
 FROM ubuntu:22.04
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    libssl3 \
-    supervisor && \
+    libssl3=3.0.2-0ubuntu1.15 \
+    supervisor=4.2.1-2ubuntu4 && \
     rm -rf /var/lib/apt/lists/*
 COPY --from=builder /usr/src/app/target/release/hash_hunter /usr/local/bin/hash_hunter
 COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 WORKDIR /usr/src/app
 RUN mkdir -p /usr/src/app/gen
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
+    CMD pgrep supervisord || exit 1
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
\ No newline at end of file
diff --git a/linter.py b/linter.py
index 4052666..f3ac256 100644
--- a/linter.py
+++ b/linter.py
@@ -16,8 +16,8 @@ def lint_and_uncapitalize_comments(file_path):
             if stripped_line.startswith("#"):
                 # find the comment text after the `#`
                 comment = stripped_line[1:].lstrip()
-                # check if it starts with a capital letter
-                if comment and comment[0].isupper():
+                # check if it starts with a capital letter, but ignore "SAFETY:" comments
+                if comment and comment[0].isupper() and not comment.lstrip().startswith("SAFETY:"):
                     # replace the line with the uncapitalized comment
                     new_comment = comment[0].lower() + comment[1:]
                     line = line.replace(comment, new_comment, 1)
@@ -37,6 +37,10 @@ def lowercase_comment_leading_letter(file_path):
 
         with open(file_path, "w", encoding="utf-8") as file:
             for line in lines:
+                # skip lowercasing if the comment contains "SAFETY:"
+                if "SAFETY:" in line:
+                    file.write(line)
+                    continue
                 match = re.match(r"^\s*//+\s*([A-Z])", line)
                 if match:
                     line = re.sub(r"^(\s*//+\s*)([A-Z])", lambda m: m.group(1) + m.group(2).lower(), line)