diff --git a/Dockerfile b/Dockerfile
index 252b9a5..4985a24 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,10 +20,7 @@ ENV PATH=/root/.cargo/bin:$PATH
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 RUN cargo install resvg
 
-# copy node_modules from temp directory
-# then copy all (non-ignored) project files into the image
-# will switch to alpine again when it works
-FROM oven/bun:1.2.4-slim AS prerelease
+FROM base AS prerelease
 WORKDIR /app
 COPY --from=install /temp/dev/node_modules node_modules
 COPY . .
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..023c4bc
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest release is supported
+
+## Reporting a Vulnerability
+
+To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/C4illin/ConvertX/security/advisories/new) tab.