diff --git a/src/fetch/Dockerfile b/src/fetch/Dockerfile
index 7e8824c471..9a8759ad87 100644
--- a/src/fetch/Dockerfile
+++ b/src/fetch/Dockerfile
@@ -12,8 +12,8 @@ ENV UV_LINK_MODE=copy
 # Install the project's dependencies using the lockfile and settings
 RUN --mount=type=cache,target=/root/.cache/uv \
- --mount=type=bind,source=uv.lock,target=uv.lock \
- --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+ --mount=type=bind,source=uv.lock,target=uv.lock,Z \
+ --mount=type=bind,source=pyproject.toml,target=pyproject.toml,Z \
 uv sync --frozen --no-install-project --no-dev --no-editable
 # Then, add the rest of the project source code and install it
@@ -27,6 +27,10 @@ FROM python:3.12-slim-bookworm
 WORKDIR /app
 COPY --from=uv /root/.local /root/.local
+
+RUN if ! id -u app >/dev/null 2>&1; then \
+ useradd -rUM -s /usr/sbin/nologin app; \
+ fi
 COPY --from=uv --chown=app:app /app/.venv /app/.venv
 # Place executables in the environment at the front of the path
diff --git a/src/git/Dockerfile b/src/git/Dockerfile
index 2746d63419..da804f2aa7 100644
--- a/src/git/Dockerfile
+++ b/src/git/Dockerfile
@@ -12,8 +12,8 @@ ENV UV_LINK_MODE=copy
 # Install the project's dependencies using the lockfile and settings
 RUN --mount=type=cache,target=/root/.cache/uv \
- --mount=type=bind,source=uv.lock,target=uv.lock \
- --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+ --mount=type=bind,source=uv.lock,target=uv.lock,Z \
+ --mount=type=bind,source=pyproject.toml,target=pyproject.toml,Z \
 uv sync --frozen --no-install-project --no-dev --no-editable
 # Then, add the rest of the project source code and install it
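Review bot: The bare `Z` field added to both `--mount=type=bind` lines in src/fetch/Dockerfile is an SELinux relabel option understood by Podman/Buildah; as far as I know BuildKit's Dockerfile frontend does not accept it on a bind mount, so `docker build` may fail to parse this RUN instruction. Build the image once with Docker and once with Podman before merging. If both engines have to work, it is probably safer to leave the mounts unchanged and deal with labelling on the SELinux host, for example through the build command's own security options. If `Z` stays, it deserves a comment such as `# Z: private SELinux relabel of the bind source, required by Podman on enforcing hosts`, since it changes the label of the files it mounts. The same change is made in the first hunks of src/git/Dockerfile and src/time/Dockerfile; the build stage continues outside the hunk.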
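Review bot: The `app` account created in the second hunk of src/fetch/Dockerfile only gives `COPY --chown=app:app` a valid owner; nothing visible in the hunk switches to it, so unless a `USER` line exists further down (the stage continues outside the hunk) the server process still runs as root. If there is none, add `USER app` after the last step that needs root, and give the account a fixed id, e.g. `useradd -rUM -u 10001 -s /usr/sbin/nologin app` (10001 is a sample value), so a runtime policy such as `runAsNonRoot` can verify it. Note that `/root/.local`, copied on the line above, stays root-owned and /root is normally not readable by an unprivileged user, so anything the entrypoint needs from there would have to live elsewhere. The second hunks of src/git/Dockerfile and src/time/Dockerfile are identical and the same applies to them.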
@@ -29,6 +29,10 @@ RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
 WORKDIR /app
 COPY --from=uv /root/.local /root/.local
+
+RUN if ! id -u app >/dev/null 2>&1; then \
+ useradd -rUM -s /usr/sbin/nologin app; \
+ fi
 COPY --from=uv --chown=app:app /app/.venv /app/.venv
 # Place executables in the environment at the front of the path
diff --git a/src/time/Dockerfile b/src/time/Dockerfile
index bd62ea84a4..cde12b470d 100644
--- a/src/time/Dockerfile
+++ b/src/time/Dockerfile
@@ -12,8 +12,8 @@ ENV UV_LINK_MODE=copy
 # Install the project's dependencies using the lockfile and settings
 RUN --mount=type=cache,target=/root/.cache/uv \
- --mount=type=bind,source=uv.lock,target=uv.lock \
- --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+ --mount=type=bind,source=uv.lock,target=uv.lock,Z \
+ --mount=type=bind,source=pyproject.toml,target=pyproject.toml,Z \
 uv sync --frozen --no-install-project --no-dev --no-editable
 # Then, add the rest of the project source code and install it
@@ -27,6 +27,10 @@ FROM python:3.12-slim-bookworm
 WORKDIR /app
 COPY --from=uv /root/.local /root/.local
+
+RUN if ! id -u app >/dev/null 2>&1; then \
+ useradd -rUM -s /usr/sbin/nologin app; \
+ fi
 COPY --from=uv --chown=app:app /app/.venv /app/.venv
 # Place executables in the environment at the front of the path