diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..281e568
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,13 @@
+.git
+.github
+.venv
+*.pyc
+*.env
+.coverage
+.devcontainer
+.gitignore
+.pre-commit-config.yaml
+.pytest_cache
+.ruff_cache
+__pycache__
+tests
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..238f0d4
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,24 @@
+FROM python:3.11.8-slim-bookworm
+
+ARG GIT_REVISION="0000000"
+ARG GIT_TAG="x.x.x"
+
+WORKDIR /app
+# hadolint ignore=DL3008
+RUN apt-get update \
+    && apt-get install --no-install-recommends -y \
+    curl \
+    make \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install poetry: https://python-poetry.org/docs/#installing-with-the-official-installer
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+RUN curl -sSL https://install.python-poetry.org | python3 -
+ENV PATH="/root/.local/bin:$PATH"
+
+# Install dependencies
+COPY pyproject.toml poetry.lock Makefile /app/
+RUN poetry config virtualenvs.create false && make install-deps
+COPY . .
+
+CMD ["python", "main.py"]
diff --git a/Makefile b/Makefile
index b42a855..4f983ad 100644
--- a/Makefile
+++ b/Makefile
@@ -1,3 +1,7 @@
+# Git
+GIT_REVISION ?= $(shell git rev-parse --short HEAD)
+GIT_TAG ?= $(shell git describe --tags --abbrev=0 | sed -e s/v//g)
+
 .PHONY: help
 help:
 	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
@@ -30,3 +34,35 @@ test: ## run tests
 
 .PHONY: ci-test
 ci-test: install-deps-dev format-check lint test ## run CI tests
+
+# ---
+# Docker
+# ---
+DOCKER_REPO_NAME ?= ks6088ts
+DOCKER_IMAGE_NAME ?= template-python
+DOCKER_COMMAND ?= bash
+
+.PHONY: docker-build
+docker-build: ## build Docker image
+	docker build \
+		-t $(DOCKER_REPO_NAME)/$(DOCKER_IMAGE_NAME):$(GIT_TAG) \
+		--build-arg GIT_REVISION=$(GIT_REVISION) \
+		--build-arg GIT_TAG=$(GIT_TAG) \
+		.
+
+.PHONY: docker-run
+docker-run: ## run Docker container
+	docker run --rm -it $(DOCKER_REPO_NAME)/$(DOCKER_IMAGE_NAME):$(GIT_TAG) $(DOCKER_COMMAND)
+
+.PHONY: docker-lint
+docker-lint: ## lint Dockerfile
+	docker run --rm -i hadolint/hadolint < Dockerfile
+
+.PHONY: docker-scan
+docker-scan: ## scan Docker image
+	@# https://aquasecurity.github.io/trivy/v0.18.3/installation/#install-script
+	@which trivy || curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b $(TOOLS_DIR) v$(TRIVY_VERSION)
+	trivy image $(DOCKER_REPO_NAME)/$(DOCKER_IMAGE_NAME):$(GIT_TAG)
+
+.PHONY: ci-test-docker
+ci-test-docker: docker-lint docker-build docker-scan docker-run ## run CI test for Docker
diff --git a/main.py b/main.py
index bc2226f..eacafa8 100644
--- a/main.py
+++ b/main.py
@@ -1,2 +1,6 @@
 def add_numbers(a, b):
     return a + b
+
+
+if __name__ == "__main__":
+    print(f"{add_numbers(3, 4)}")