diff --git a/Dockerfile b/Dockerfile
index 614ba6fd3b..a9ec82b26a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1.4.3-labs
 FROM lukemathwalker/cargo-chef:0.1.39-rust-1.63.0-slim-buster as planner
 WORKDIR app
 COPY . .
@@ -25,6 +26,21 @@ RUN cargo build --release --locked --no-default-features
 RUN rm -f target/release/deps/git_cliff*
 
 FROM debian:buster-slim as runner
-WORKDIR app
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+    --allow-unauthenticated git \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
 COPY --from=builder /app/target/release/git-cliff /usr/local/bin
-ENTRYPOINT ["git-cliff"]
+RUN groupadd -r git && \
+    useradd -r -g git -d /git-home -s /sbin/nologin git-user
+WORKDIR git-home
+RUN chown -R git-user:git /git-home
+USER git-user
+RUN git config --global --add safe.directory '/git-home/app'
+RUN cat <<'EOF' > entrypoint.sh
+#!/bin/sh
+cp -r /app /git-home/app
+cd /git-home/app
+exec git-cliff "$@"
+EOF
+ENTRYPOINT ["sh", "entrypoint.sh"]
diff --git a/README.md b/README.md
index c1d3edddb6..c5d1bdec07 100644
--- a/README.md
+++ b/README.md
@@ -312,7 +312,7 @@ Or you can use the image from the [GitHub Package Registry](https://github.com/o
 docker run -t -v "$(pwd)/.git":/app/ docker.pkg.github.com/orhun/git-cliff/git-cliff:latest
 ```
 
-Also, you can build the image yourself using `docker build -t git-cliff .` command.
+Also, you can build the image yourself using `DOCKER_BUILDKIT=1 docker build -t git-cliff .` command.
 
 ## GitHub Actions