diff --git a/backend/Dockerfile b/backend/Dockerfile
index 9f3f84a48e3..ff69bfb2b29 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -29,12 +29,19 @@ RUN apt-get update
 RUN apt-get install nodejs -y
 # replace nodejs packaged with playwright (18.17.0) with the one installed above
 RUN cp /usr/bin/node /usr/local/lib/python3.11/site-packages/playwright/driver/node
+# remove nodejs (except for the binary we moved into playwright)
+RUN apt-get remove -y nodejs
 
 # Cleanup for CVEs and size reduction
 RUN apt-get remove -y linux-libc-dev \
     && apt-get autoremove -y \
     && rm -rf /var/lib/apt/lists/*
 
+# Remove tornado test key to placate vulnerability scanners
+# More details can be found here:
+# https://github.com/tornadoweb/tornado/issues/3107
+RUN rm /usr/local/lib/python3.11/site-packages/tornado/test/test.key
+
 WORKDIR /app
 COPY ./danswer /app/danswer
 COPY ./alembic /app/alembic
diff --git a/web/Dockerfile b/web/Dockerfile
index 6b440b3d6af..8132e46a436 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile
@@ -39,6 +39,11 @@ RUN npm run build
 FROM base AS runner
 WORKDIR /app
 
+# Remove global node modules, since they are not needed by the actual app
+# (all dependencies are copied over into the `/app` dir itself). These
+# global modules may be outdated and trigger security scans.
+RUN rm -rf /usr/local/lib/node_modules
+
 # Not needed, set by compose
 # ENV NODE_ENV production
 
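Review bot: The added `RUN apt-get remove -y nodejs` drops Node.js from the dpkg database while the copied binary at `playwright/driver/node` stays in the image and in use, so scanners that rely on package metadata will stop reporting Node.js CVEs for a runtime that still ships. Because `apt-get autoremove -y` follows in the next step, shared libraries that binary links against could be removed as well, depending on where the nodejs package comes from (not visible in this hunk); a build-time smoke check such as `RUN /usr/local/lib/python3.11/site-packages/playwright/driver/node --version` after the cleanup would catch that. The nodejs removal also runs in a later layer than the visible `RUN apt-get install nodejs -y`, and the `rm` of tornado's `test.key` presumably follows the layer that installed it, so both clean only the final filesystem and the files remain retrievable from earlier layers. I would say so next to the steps, e.g. `# NOTE: hides the file from final-filesystem scans only; earlier layers still contain it`.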
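Review bot: The new `RUN rm -rf /usr/local/lib/node_modules` in the `runner` stage assumes nothing at runtime invokes `npm`, `npx` or another globally installed CLI, and the stage's start command lies outside this hunk, so that should be confirmed. If `base` derives from an official Node image, the launchers in `/usr/local/bin` are symlinks into this directory and will be left dangling. The deleted files also remain in the layers inherited from `base`, so the step satisfies scanners that inspect the final filesystem but neither shrinks the image nor removes the outdated modules from the pulled layers. I would extend the comment with `# NOTE: npm/npx are unusable in this stage after this step; start the app with node directly`.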