diff --git a/.gitignore b/.gitignore
index 4fe0131b6..91c9da344 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,4 +16,8 @@
 
 # Standard configuration file names
 .corso_test.toml
-.corso.toml
\ No newline at end of file
+.corso.toml
+
+# Build directories
+/bin
+/docker/bin
\ No newline at end of file
diff --git a/build/Dockerfile b/build/Dockerfile
new file mode 100644
index 000000000..562c6521a
--- /dev/null
+++ b/build/Dockerfile
@@ -0,0 +1,14 @@
+FROM golang:1.18
+
+ARG uid=1000
+ARG gid=1000
+
+# Dockerfile with static deps that won't be changed. Right now there's no deps
+# outside of what the go.mod file has to manage. Makes a user in the container
+# with the same UID and GID as the current user so that the mounted directory
+# doesn't end up with files with strange permissions.
+
+RUN if [ ! $(getent group ${gid}) ]; then groupadd -g "${gid}" build; fi && \
+    useradd -m -u "${uid}" -g "${gid}" build
+
+USER build:${gid}
diff --git a/build/README.md b/build/README.md
new file mode 100644
index 000000000..505d8bd1e
--- /dev/null
+++ b/build/README.md
@@ -0,0 +1,18 @@
+# Corso build image
+
+The Corso build image is a docker image that
+can be used to dev/test/build Corso
+
+## Creating the build image
+
+Run `build.sh` to create `docker.io/alcionai/base-dev`
+```
+$ ./build.sh
+```
+
+## Launching the build image
+
+Run `run_dev.sh` to launch into the build image. It will mount the corso src directory at `/`
+```
+$ ./run_dev.sh
+```
\ No newline at end of file
diff --git a/build/build.sh b/build/build.sh
new file mode 100755
index 000000000..8a3fdbb62
--- /dev/null
+++ b/build/build.sh
@@ -0,0 +1,27 @@
+#! /bin/bash
+
+# Builds a docker image that contains the deps for the current version of the
+# code. Image expects dev directory to be mounted in the container at runtime.
+
+source paths.sh
+
+BASE_TAG="alcionai/base-dev"
+
+buildImage() {
+  docker build \
+    -f Dockerfile \
+    -t "$BASE_TAG" \
+    --build-arg uid=$(id -u) \
+    --build-arg gid=$(id -g) \
+    .
+  docker run \
+    -v "$REPO_CODE":"$GOLANG_REPO_PATH" \
+    --name build-tmp \
+    -w "$GOLANG_REPO_PATH" \
+    -it \
+    "$BASE_TAG" go get
+  docker commit build-tmp "$DEV_TAG"
+  docker rm build-tmp
+}
+
+buildImage
diff --git a/docker/paths.sh b/build/paths.sh
similarity index 100%
rename from docker/paths.sh
rename to build/paths.sh
diff --git a/docker/run_dev.sh b/build/run_dev.sh
similarity index 100%
rename from docker/run_dev.sh
rename to build/run_dev.sh
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 562c6521a..09b9c56d2 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,14 +1,11 @@
-FROM golang:1.18
+# syntax=docker/dockerfile:1
 
-ARG uid=1000
-ARG gid=1000
+FROM gcr.io/distroless/base-debian10
 
-# Dockerfile with static deps that won't be changed. Right now there's no deps
-# outside of what the go.mod file has to manage. Makes a user in the container
-# with the same UID and GID as the current user so that the mounted directory
-# doesn't end up with files with strange permissions.
+WORKDIR /
 
-RUN if [ ! $(getent group ${gid}) ]; then groupadd -g "${gid}" build; fi && \
-    useradd -m -u "${uid}" -g "${gid}" build
+COPY ./bin/corso ./
+    
+USER nonroot:nonroot
 
-USER build:${gid}
+ENTRYPOINT ["/corso"] 
\ No newline at end of file
diff --git a/docker/README.md b/docker/README.md
new file mode 100644
index 000000000..499f75924
--- /dev/null
+++ b/docker/README.md
@@ -0,0 +1,13 @@
+# Corso Dockerfile
+
+## Instructions
+
+The docker image build currently expects the `corso` binary to be available in the same directory.
+
+-  Build the `corso` binary in the build image. See instructions in the `build` directory.
+
+- Copy the `corso` binary to `$REPO/docker/bin` and run `build.sh`
+
+```
+$ ./build.sh
+```
\ No newline at end of file
diff --git a/docker/build.sh b/docker/build.sh
index 8a3fdbb62..2735ea044 100755
--- a/docker/build.sh
+++ b/docker/build.sh
@@ -1,27 +1,19 @@
 #! /bin/bash
 
-# Builds a docker image that contains the deps for the current version of the
-# code. Image expects dev directory to be mounted in the container at runtime.
+# Builds a docker image that wraps the corso binary
 
-source paths.sh
+IMAGE_NAME="alcionai/corso"
+VERSION=$(git describe --tags --always --dirty)
+CORSO_BINARY="./bin/corso"
 
-BASE_TAG="alcionai/base-dev"
+if [ ! -f "$CORSO_BINARY" ]; then
+    echo "$CORSO_BINARY does not exist. Build corso and ensure the binary is available at $CORSO_BINARY"
+    exit 1
+fi
 
 buildImage() {
-  docker build \
-    -f Dockerfile \
-    -t "$BASE_TAG" \
-    --build-arg uid=$(id -u) \
-    --build-arg gid=$(id -g) \
-    .
-  docker run \
-    -v "$REPO_CODE":"$GOLANG_REPO_PATH" \
-    --name build-tmp \
-    -w "$GOLANG_REPO_PATH" \
-    -it \
-    "$BASE_TAG" go get
-  docker commit build-tmp "$DEV_TAG"
-  docker rm build-tmp
+  docker build . \
+    -t "$IMAGE_NAME:$VERSION"
 }
 
-buildImage
+buildImage
\ No newline at end of file