diff --git a/.github/linters/.hadolint.yml b/.github/linters/.hadolint.yml
index b408c6b2..46f69af4 100644
--- a/.github/linters/.hadolint.yml
+++ b/.github/linters/.hadolint.yml
@@ -3,3 +3,9 @@
 ## Hadolint config file ##
 ##########################
 ignored:
+  - DL4001 # Ignore wget and curl in same file
+  - DL4006 # ignore pipefail as we dont want to add layers
+  - DL3018 # We do pin version in pipfile.lock
+  - DL3013 # We do pin version in pipfile.lock
+  - DL3003 # Ignore workdir so we dont add layers
+  - SC2016 # ignore as its intepreted later
diff --git a/Dockerfile b/Dockerfile
index 85d1fd03..5e0b945e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,6 +14,7 @@ FROM golangci/golangci-lint:v1.31.0 as golangci-lint
 FROM yoheimuta/protolint:v0.26.0 as protolint
 FROM koalaman/shellcheck:v0.7.1 as shellcheck
 FROM wata727/tflint:0.20.2 as tflint
+FROM mvdan/shfmt:v3.1.2 as shfmt
 FROM accurics/terrascan:d182f1c as terrascan
 FROM hadolint/hadolint:latest-alpine as dockerfile-lint
 FROM ghcr.io/assignuser/lintr-lib:0.1.2 as lintr-lib
@@ -272,7 +273,7 @@ RUN CHECKSTYLE_LATEST=$(curl -s https://api.github.com/repos/checkstyle/checksty
     | grep browser_download_url \
     | grep ".jar" \
     | cut -d '"' -f 4) \
-    && curl --retry 5 --retry-delay 5 -sSL $CHECKSTYLE_LATEST \
+    && curl --retry 5 --retry-delay 5 -sSL "$CHECKSTYLE_LATEST" \
     --output /usr/bin/checkstyle
 
 ####################
@@ -313,14 +314,7 @@ COPY --from=kubeval /kubeval /usr/bin/
 #################
 # Install shfmt #
 #################
-ENV GO111MODULE=on \
-    GOROOT=/usr/lib/go \
-    GOPATH=/go
-
-ENV PATH="$PATH":"$GOROOT"/bin:"$GOPATH"/bin
-
-RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
-RUN go get mvdan.cc/sh/v3/cmd/shfmt
+COPY --from=shfmt /bin/shfmt /usr/bin/
 
 #############################
 # Copy scripts to container #