diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ef72488..9ba99e9 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -2,9 +2,9 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "master" ]
+    branches: ["master"]
   pull_request:
-    branches: [ "master" ]
+    branches: ["master"]
   schedule:
     - cron: "0 6 * * 3"
 
@@ -20,7 +20,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ python ]
+        language: [python]
 
     steps:
       - name: Checkout
diff --git a/Dockerfile b/Dockerfile
index b294d30..0eb21a7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,11 +4,13 @@ FROM docker.io/library/erlang:${OTP_VERSION} AS builder
 
 COPY . /holmes
 WORKDIR /holmes
-RUN make
-RUN ./clone-proto-modules.sh /repos
+RUN make \
+  && ./clone-proto-modules.sh /repos
 
 FROM docker.io/library/erlang:${OTP_VERSION}-slim
 
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+# hadolint ignore=DL3008,DL3013
 RUN apt-get --yes update \
     && apt-get --yes --no-install-recommends install \
         curl \
@@ -24,8 +26,8 @@ RUN apt-get --yes update \
         python3-pip \
         wget \
         gnupg \
-    && pip install six \
-    && curl -fSsL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor |  tee /usr/share/keyrings/postgresql.gpg > /dev/null \
+    && pip install --no-cache-dir six \
+    && wget -O - -q https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor |  tee /usr/share/keyrings/postgresql.gpg > /dev/null \
     && echo deb [arch=amd64,arm64,ppc64el signed-by=/usr/share/keyrings/postgresql.gpg] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main | tee /etc/apt/sources.list.d/postgresql.list \
     && apt-get --yes update \
     && apt-get --yes --no-install-recommends install postgresql-client-15 \