diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..81294205
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,10 @@
+**/node_modules
+**/.pnp.*
+**/.yarn/*
+!**/.yarn/patches
+!**/.yarn/plugins
+!**/.yarn/releases
+!**/.yarn/sdks
+!**/.yarn/versions
+**/.idea
+**/target
\ No newline at end of file
diff --git a/.drone.yml b/.drone.yml
index 07b83d49..5d051643 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -25,6 +25,7 @@ steps:
       YARN_CACHE_FOLDER: /cache/.yarn-docker
       NODE_CONFIG_ENV: default
     commands:
+      - apt update && apt install -y git
       - yarn install
       - yarn build
   - name: build docker image
@@ -142,6 +143,7 @@ steps:
       YARN_CACHE_FOLDER: /cache/.yarn-docker-
       NODE_CONFIG_ENV: default
     commands:
+      - apt update && apt install -y git
       - yarn install
       - yarn build
   - name: build docker image
diff --git a/Dockerfile b/Dockerfile
index a151a6fc..ce0a64dc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,12 @@
-FROM node:19 as build
-WORKDIR /app
-
-COPY package.json yarn.lock .yarnrc.yml .
-COPY .yarn .yarn
-COPY packages packages
-RUN yarn --network-timeout 1000000
-RUN yarn build
+FROM node:current as build
+WORKDIR /src
+RUN apt update \
+    && apt install -y --no-install-recommends git \
+    && git clone --single-branch -b main https://git.v0l.io/Kieran/snort \
+    && cd snort \
+    && yarn --network-timeout 1000000 \
+    && yarn build
 
 FROM nginxinc/nginx-unprivileged:mainline-alpine
 COPY docker/nginx.conf /etc/nginx/conf.d/default.conf
-COPY --from=build /app/packages/app/build /usr/share/nginx/html
+COPY --from=build /src/snort/packages/app/build /usr/share/nginx/html
diff --git a/docker/nginx.conf b/docker/nginx.conf
index c7547334..59de7933 100644
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@@ -3,6 +3,9 @@ server {
     server_name _;
     root /usr/share/nginx/html;
     index index.html;
+    add_header Content-Security-Policy "default-src 'self'; manifest-src *; child-src 'none'; worker-src 'self'; frame-src youtube.com www.youtube.com https://platform.twitter.com https://embed.tidal.com https://w.soundcloud.com https://www.mixcloud.com https://open.spotify.com https://player.twitch.tv https://embed.music.apple.com https://embed.wavlake.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline'; connect-src *; img-src * data: blob:; font-src 'self'; media-src * blob:; script-src 'self' 'wasm-unsafe-eval' https://platform.twitter.com https://embed.tidal.com https://challenges.cloudflare.com";
+    add_header Cross-Origin-Opener-Policy same-origin;
+    add_header Cross-Origin-Embedder-Policy require-corp;
 
     location / {
         try_files $uri $uri/ /index.html =404;