diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a98e982
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM cgr.dev/chainguard/python:latest-dev AS builder
+
+WORKDIR /app
+COPY pyproject.toml README.md ./
+COPY src/ src/
+RUN python -m venv .venv
+RUN .venv/bin/pip install --no-cache-dir .
+
+FROM cgr.dev/chainguard/python:latest
+
+COPY --from=builder /app/.venv /app/.venv
+
+ENV PATH="/app/.venv/bin:$PATH"
+WORKDIR /scan
+
+ENTRYPOINT ["skillspector"]
diff --git a/Makefile b/Makefile
index fc5f4c9..00590d3 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-.PHONY: help install install-dev langgraph-dev test test-unit test-integration test-cov test-ci lint lint-fix format format-check clean build
+.PHONY: help install install-dev langgraph-dev test test-unit test-integration test-cov test-ci lint lint-fix format format-check clean build docker-build
 
 # Prefer uv if available, else use pip (set when Makefile is parsed)
 UV := $(shell command -v uv 2>/dev/null)
@@ -24,6 +24,7 @@ help:
 	@echo "  make format-check   - Check code formatting with ruff"
 	@echo "  make clean          - Remove build artifacts and cache files"
 	@echo "  make build          - Build the package"
+	@echo "  make docker-build   - Build the Docker image"
 
 install:
 	@if [ -n "$(UV)" ]; then uv sync; else pip install -e .; fi
@@ -94,3 +95,8 @@ clean:
 build: clean
 	python -m build
 
+# Build the Docker image
+docker-build:
+	docker build -t skillspector .
+
+
diff --git a/README.md b/README.md
index ab84623..abe818a 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,40 @@ make install
 make install-dev
 ```
 
+### Docker (no Python required)
+
+Run SkillSpector without installing Python by pulling the pre-built image or building it locally from the included [Dockerfile](Dockerfile). The image is based on [Chainguard's minimal Python image](https://images.chainguard.dev/directory/image/python/versions), which has a near-zero CVE footprint.
+
+**Build the image:**
+
+```bash
+docker build -t skillspector .
+```
+
+**Scan a local directory** (mount it into `/scan`, which is the container's working directory):
+
+```bash
+docker run --rm -v "$(pwd)/my-skill:/scan/my-skill" skillspector scan ./my-skill/
+```
+
+**Scan with LLM analysis** (pass credentials as environment variables):
+
+```bash
+docker run --rm \
+  -v "$(pwd)/my-skill:/scan/my-skill" \
+  -e SKILLSPECTOR_PROVIDER=anthropic \
+  -e ANTHROPIC_API_KEY=sk-ant-... \
+  skillspector scan ./my-skill/
+```
+
+**Write a report to the host filesystem:**
+
+```bash
+docker run --rm \
+  -v "$(pwd):/scan" \
+  skillspector scan ./my-skill/ --format json --output report.json
+```
+
 ### Basic Usage
 
 ```bash
@@ -88,7 +122,7 @@ local OpenAI-compatible servers (Ollama, vLLM, llama.cpp) and managed
 inference gateways.
 
 | Provider (`SKILLSPECTOR_PROVIDER`) | Credential env var | Endpoint | Default model |
-|----------|----|----|----|
+| ---------- | ---- | ---- | ---- |
 | `openai` | `OPENAI_API_KEY` (+ optional `OPENAI_BASE_URL`) | api.openai.com (or any OpenAI-compatible URL) | `gpt-5.4` |
 | `anthropic` | `ANTHROPIC_API_KEY` | api.anthropic.com | `claude-opus-4-6` |
 | `nv_build` | `NVIDIA_INFERENCE_KEY` | build.nvidia.com | `deepseek-ai/deepseek-v4-flash` |