diff --git a/content/get-started/workshop/_index.md b/content/get-started/workshop/_index.md index cc6a0beff925..86d6b132da79 100644 --- a/content/get-started/workshop/_index.md +++ b/content/get-started/workshop/_index.md @@ -47,3 +47,39 @@ In this section, you learned about containers and images. Next, you'll containerize a simple application and get hands-on with the concepts. {{< button text="Containerize an application" url="02_our_app.md" >}} + +## Security considerations + +This example application and Dockerfile are intended for learning purposes only. +The resulting image may contain known vulnerabilities originating from the base image +or third-party dependencies. + +When building images for production environments, consider: +- using multi-stage builds +- minimizing the runtime image +- pinning dependency versions +- and scanning images for vulnerabilities as part of CI/CD + +## Optional: A more security-aware Dockerfile + +If you'd like to explore a more production-oriented approach, the following Dockerfile +demonstrates an alternative build approach while keeping the application behavior the same. + +```dockerfile +# syntax=docker/dockerfile:1 + +FROM node:20-alpine AS build +WORKDIR /app + +COPY package.json yarn.lock ./ +RUN yarn install --production --frozen-lockfile + +COPY src ./src + +FROM gcr.io/distroless/nodejs20-debian12 +WORKDIR /app + +COPY --from=build /app /app + +EXPOSE 3000 +CMD ["src/index.js"] \ No newline at end of file
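Review bot: In the added Dockerfile, the build stage is `FROM node:20-alpine` (musl libc) while the runtime stage is `FROM gcr.io/distroless/nodejs20-debian12` (glibc), and `COPY --from=build /app /app` carries `node_modules` across, so any dependency with a native addon compiled in the Alpine stage will fail to load in the Debian-based runtime. Build on a Debian-based Node image so both stages share a libc. The `dockerfile` code fence is never closed and the file ends without a trailing newline, so the block will not render correctly; add the closing fence and a final newline. The new sections also land after the "Containerize an application" button and refer to "This example application and Dockerfile" before the reader has reached them in `02_our_app.md`, so they would fit better on that page. Since the prose recommends pinning, both `FROM` lines should pin a digest rather than a floating tag, and the final stage should set a non-root `USER`, because nothing in this Dockerfile drops root. Style: the last bullet, `- and scanning images for vulnerabilities as part of CI/CD`, should drop the leading "and", and the list needs a blank line after "consider:".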