diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index b36e1ad945..8ba4285d8f 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -48,6 +48,37 @@ jobs:
           config_path: .spellcheck.yml
           task_name: Markdown
 
+  hadolint:
+    name: hadolint
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Dockerfile linter
+        uses: hadolint/hadolint-action@v3.1.0
+        # For now, ignoring:
+        # DL3008 warning: Pin versions in apt get install (e.g., apt-get install <package>=<version>)
+        with:
+          dockerfile: env/Dockerfile
+          ignore: DL3008
+
+  hadolint-cndp:
+    name: hadolint
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Dockerfile linter
+        uses: hadolint/hadolint-action@v3.1.0
+        # For now, ignoring:
+        # DL3008 warning: Pin versions in apt get install (e.g., apt-get install <package>=<version>); and
+        # DL3013 warning: Pin versions in pip (e.g., pip install <package>==<version>)
+        with:
+          dockerfile: env/Dockerfile-cndp
+          ignore: DL3008,DL3013
+
   license-check:
     runs-on: ubuntu-latest
     steps:
diff --git a/env/Dockerfile b/env/Dockerfile
index e0fd35f096..c987fcc105 100644
--- a/env/Dockerfile
+++ b/env/Dockerfile
@@ -1,14 +1,15 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright 2020-present Open Networking Foundation
-# Copyright 2019 Intel Corporation
+# Copyright 2019-present Intel Corporation
 # vim: syntax=dockerfile
 
-ARG BASE_IMAGE=ubuntu:focal
 # Install CNDP dependencies and build CNDP.
-FROM ${BASE_IMAGE} AS cndp-build
+FROM ubuntu:20.04 AS cndp-build
 
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y \
+    --no-install-recommends \
+    ca-certificates \
     build-essential \
     golang \
     libelf-dev \
@@ -31,16 +32,16 @@ RUN apt-get update && apt-get install -y \
     lld \
     m4 \
     linux-tools-common \
-    libbpf-dev \
-    && rm -rf /var/lib/apt/lists/*
+    libbpf-dev && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 
 # Install libxdp
-RUN git clone https://github.com/xdp-project/xdp-tools.git
-WORKDIR /xdp-tools/
-RUN git checkout v1.2.2
-RUN ./configure
-WORKDIR /xdp-tools/
-RUN make -j; PREFIX=/usr make -j install
+WORKDIR /xdp-tools
+RUN git clone https://github.com/xdp-project/xdp-tools.git . && \
+    git checkout v1.2.2 && \
+    ./configure && \
+    make -j; PREFIX=/usr make -j install
 ENV PKG_CONFIG_PATH=/usr/lib/pkgconfig
 
 # Get CNDP from GitHub
@@ -55,14 +56,15 @@ RUN make && make install
 RUN make static_build=1 rebuild install
 
 # Build the prometheus-metrics app
-WORKDIR /cndp/lang/go/stats/prometheus/
+WORKDIR /cndp/lang/go/stats/prometheus
 RUN go build prometheus.go
 
-FROM ${BASE_IMAGE}
+FROM ubuntu:20.04
 
 # Install CNDP dependencies
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y \
+    --no-install-recommends \
     build-essential \
     ethtool \
     libbsd-dev \
@@ -73,7 +75,9 @@ RUN apt-get update && apt-get install -y \
     libnl-cli-3-dev \
     libnuma1 \
     libpcap0.8 \
-    pkg-config
+    pkg-config && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 
 # Copy required CNDP libraries, header files, pkg-config and binaries.
 COPY --from=cndp-build /cndp/usr/local/bin/cndpfwd /usr/bin/
@@ -88,24 +92,21 @@ COPY --from=cndp-build /usr/include/xdp/ /usr/include/xdp/
 # Set CNDP PKG_CONFIG_PATH
 ENV PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/lib/x86_64-linux-gnu/pkgconfig:/usr/lib/pkgconfig
 
-RUN echo "APT::Install-Recommends false;" >> /etc/apt/apt.conf.d/00recommends && \
-	echo "APT::Install-Suggests false;" >> /etc/apt/apt.conf.d/00recommends && \
-	echo "APT::AutoRemove::RecommendsImportant false;" >> /etc/apt/apt.conf.d/00recommends && \
-	echo "APT::AutoRemove::SuggestsImportant false;" >> /etc/apt/apt.conf.d/00recommends
-
 COPY env/build-dep.yml /tmp/
 COPY env/kmod.yml /tmp/
 COPY env/ci.yml /tmp/
 
 # Install dependency packages with Ansible
-RUN apt-get -q update && \
-	apt-get install -y ansible curl && \
-        ansible-playbook /tmp/ci.yml -i "localhost," -c local && \
-	apt-get purge -y ansible && \
-	apt-get autoremove -y && \
-	rm -rf /var/lib/apt/lists
-RUN update-alternatives --install /usr/local/bin/python python /usr/bin/python3 3
-RUN mkdir -p /build/bess
+RUN apt-get update && \
+    apt-get install -y \
+    --no-install-recommends \
+    ansible \
+    curl && \
+    ansible-playbook /tmp/ci.yml -i "localhost," -c local && \
+    apt-get purge -y ansible && \
+    apt-get autoremove -y && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 
 WORKDIR /build/bess
 COPY . .
diff --git a/env/Dockerfile-cndp b/env/Dockerfile-cndp
index 3eede2f629..f9625bf5e4 100644
--- a/env/Dockerfile-cndp
+++ b/env/Dockerfile-cndp
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright (c) 2020-2022 Intel Corporation
+# Copyright (c) 2020-present Intel Corporation
 #
 # vim: syntax=dockerfile
 
@@ -8,12 +8,13 @@
 # --build-arg https_proxy=$http_proxy --build-arg no_proxy="$no_proxy" \
 # -t besscndp -f env/Dockerfile-cndp .
 
-ARG BASE_IMAGE=ubuntu:focal
-FROM ${BASE_IMAGE} AS cndp-build
+FROM ubuntu:20.04 AS cndp-build
 
 # Install CNDP dependencies and build CNDP.
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y \
+    --no-install-recommends \
+    ca-certificates \
     build-essential \
     golang \
     libelf-dev \
@@ -36,16 +37,16 @@ RUN apt-get update && apt-get install -y \
     lld \
     m4 \
     linux-tools-common \
-    libbpf-dev \
-    && rm -rf /var/lib/apt/lists/*
+    libbpf-dev && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 
 # Install libxdp
-RUN git clone https://github.com/xdp-project/xdp-tools.git
-WORKDIR /xdp-tools/
-RUN git checkout v1.2.2
-RUN ./configure
-WORKDIR /xdp-tools/
-RUN make -j; PREFIX=/usr make -j install
+WORKDIR /xdp-tools
+RUN git clone https://github.com/xdp-project/xdp-tools.git . && \
+    git checkout v1.2.2 && \
+    ./configure && \
+    make -j; PREFIX=/usr make -j install
 ENV PKG_CONFIG_PATH=/usr/lib/pkgconfig
 
 # Get CNDP from GitHub
@@ -60,14 +61,15 @@ RUN make && make install
 RUN make static_build=1 rebuild install
 
 # Build the prometheus-metrics app
-WORKDIR /cndp/lang/go/stats/prometheus/
+WORKDIR /cndp/lang/go/stats/prometheus
 RUN go build prometheus.go
 
-FROM ${BASE_IMAGE}
+FROM ubuntu:20.04
 
 # Install CNDP dependencies
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y \
+    --no-install-recommends \
     build-essential \
     ethtool \
     libbsd-dev \
@@ -78,7 +80,9 @@ RUN apt-get update && apt-get install -y \
     libnl-cli-3-dev \
     libnuma1 \
     libpcap0.8 \
-    pkg-config
+    pkg-config && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 
 # Copy required CNDP libraries, header files, pkg-config and binaries.
 COPY --from=cndp-build /cndp/usr/local/bin/cndpfwd /usr/bin/
@@ -93,28 +97,35 @@ COPY --from=cndp-build /usr/include/xdp/ /usr/include/xdp/
 # Set CNDP PKG_CONFIG_PATH
 ENV PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/lib/x86_64-linux-gnu/pkgconfig:/usr/lib/pkgconfig
 
-# Install BESS
-RUN echo "APT::Install-Recommends false;" >> /etc/apt/apt.conf.d/00recommends && \
-	echo "APT::Install-Suggests false;" >> /etc/apt/apt.conf.d/00recommends && \
-	echo "APT::AutoRemove::RecommendsImportant false;" >> /etc/apt/apt.conf.d/00recommends && \
-	echo "APT::AutoRemove::SuggestsImportant false;" >> /etc/apt/apt.conf.d/00recommends
-
 COPY env/build-dep.yml /tmp/
 COPY env/kmod.yml /tmp/
 COPY env/ci.yml /tmp/
 
 # Install dependency packages with Ansible
-RUN apt-get -q update && \
-	apt-get install -y ansible curl git sudo libgraph-easy-perl python-is-python3 && \
-        ansible-playbook /tmp/ci.yml -i "localhost," -c local && \
-	apt-get purge -y ansible && \
-	apt-get autoremove -y && \
-	rm -rf /var/lib/apt/lists
-RUN python3 -m pip install --upgrade pip && python3 -m pip install grpcio scapy protobuf==3.20.0 flask pyroute2
-
-RUN mkdir -p /build/bess
-RUN mkdir -p /build/bess/log
+RUN apt-get update && \
+    apt-get install -y \
+    --no-install-recommends \
+    ansible \
+    curl \
+    git \
+    sudo \
+    libgraph-easy-perl \
+    python-is-python3 && \
+    ansible-playbook /tmp/ci.yml -i "localhost," -c local && \
+    apt-get purge -y ansible && \
+    apt-get autoremove -y && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN python3 -m pip install --no-cache-dir --upgrade pip && \
+    python3 -m pip install --no-cache-dir \
+    grpcio \
+    scapy \
+    protobuf==3.20.0 \
+    flask \
+    pyroute2
 
+RUN mkdir -p /build/bess/log
 
 # Copy required files and build bess
 WORKDIR /build/bess
@@ -127,10 +138,8 @@ COPY protobuf protobuf
 COPY pybess pybess
 COPY sample_plugin sample_plugin
 COPY build.py container_build.py install_git_hooks.sh ./
-RUN ./build.py bess
-RUN cp /build/bess/deps/dpdk-22.11.4/build/app/dpdk-testpmd /usr/local/bin/
+RUN ./build.py bess && \
+    cp /build/bess/deps/dpdk-22.11.4/build/app/dpdk-testpmd /usr/local/bin/
 
 ENV CCACHE_DIR=/tmp/ccache
 ENV CCACHE_COMPRESS=true
-
-WORKDIR /build/bess