diff --git a/Dockerfile b/Dockerfile
index eebef9db2d45d27805106c79d4d93da5dcbaf739..66627c7dec6f69c997bc861b422e956a0777ab88 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,34 +1,25 @@
 ARG DOCKER_REGISTRY=registry.cyberbrain.pw
-FROM anchore/grype:latest AS base
-FROM $DOCKER_REGISTRY/tools/docker/alpine:latest AS common
-
-FROM common AS executor
+FROM anchore/grype:latest AS grype
+FROM $DOCKER_REGISTRY/tools/docker/alpine:latest AS loader
 SHELL ["/bin/ash", "-euo", "pipefail", "-c"]
 ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
     GRYPE_DB_CACHE_DIR="/tmp/db" \
     GRYPE_DB_AUTO_UPDATE="false"
-COPY --from=base /grype /bin/grype
-ARG CACHEBUST=static
-RUN set -ex && \
-    chmod a+x /bin/grype && \
+COPY --from=grype /grype /bin/grype
+RUN chmod a+x /bin/grype && \
     mkdir -p ${GRYPE_DB_CACHE_DIR} && \
-    chmod -R 0777 ${GRYPE_DB_CACHE_DIR} && \
-    echo ${CACHEBUST} && \
-    if test -n "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update')"; then echo "Update failed!"; exit 1; else true; fi
+    chmod -R 0777 ${GRYPE_DB_CACHE_DIR}
+ARG CACHEBUST=static
+RUN set -e; \
+    TMP="${CACHEBUST}" grype db update -v || ( echo "Update failed!"; exit 1 )
-FROM common AS runtime
+FROM grype AS runtime
 ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
-    GRYPE_DB_CACHE_DIR="/srv/grype/db" \
+    GRYPE_DB_CACHE_DIR="/tmp/db" \
     GRYPE_DB_AUTO_UPDATE="false"
-COPY --from=base /grype /bin/
-RUN set -ex && \
-    chmod a+x /bin/grype && \
-    mkdir -p ${GRYPE_DB_CACHE_DIR} && \
-    chmod -R 0777 ${GRYPE_DB_CACHE_DIR}
-COPY --from=executor /tmp/db ${GRYPE_DB_CACHE_DIR}
-RUN set -ex && \
-    chmod -R 0555 ${GRYPE_DB_CACHE_DIR}
+COPY --from=loader ${GRYPE_DB_CACHE_DIR}/ ${GRYPE_DB_CACHE_DIR}/
 LABEL org.label-schema.description="A vulnerability scanner for container images and filesystems (standalone)"
-ENTRYPOINT [ "/bin/grype" ]
 CMD [ "--help" ]
+
+FROM runtime AS release
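Review bot: The vulnerability DB in the final image is now world-writable: the loader stage runs `chmod -R 0777 ${GRYPE_DB_CACHE_DIR}` and `COPY --from=loader` carries those modes across, while the `chmod -R 0555 ${GRYPE_DB_CACHE_DIR}` the old runtime stage applied is gone, so any process in the container can replace the database grype scans against. With BuildKit the copy line can restore the read-only mode, `COPY --from=loader --chmod=0555 ${GRYPE_DB_CACHE_DIR}/ ${GRYPE_DB_CACHE_DIR}/`, and a path outside `/tmp` (the old `/srv/grype/db`) keeps it clear of tmpfs mounts at runtime. `FROM anchore/grype:latest` is now also the base of the runtime stage, so the released image is not reproducible; pin a tag or digest (`anchore/grype:<version>@sha256:<digest>`). The update step also dropped the grep for `unable to check for vulnerability database update` and relies on the exit status of `grype db update -v` alone; if grype exits 0 in that case, the build now succeeds with a stale DB, which is worth confirming before keeping the simpler form. The removed `ENTRYPOINT [ "/bin/grype" ]` is presumably supplied by the grype base image; confirm it, since `CMD [ "--help" ]` is kept as its argument.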