diff --git a/builder/Dockerfile.alpine-tracee-container b/builder/Dockerfile.alpine-tracee-container
index f0dc975edc9d..bd265c5ac4a9 100644
--- a/builder/Dockerfile.alpine-tracee-container
+++ b/builder/Dockerfile.alpine-tracee-container
@@ -5,6 +5,20 @@ ARG BTFHUB=0
 ARG FLAVOR=tracee-ebpf-core
 
+#
+# Version
+#
+
+ARG GO_VERSION=1.22.0
+ARG OPA_VERSION=v0.63.0
+
+
+# This workaround is required since OPA 0.65.0 (latest published release) has cve-2024-24790.
+# After solved we can rollback to the commented installation lines below.
+#
+# Stage 1: Set the base image to get the OPA binary
+FROM openpolicyagent/opa:0.66.0-dev-static as opa-extractor
+
 #
 # tracee-base
 #
 
@@ -23,9 +37,13 @@ RUN apk --no-cache update && \
 
 # install OPA
 
-RUN altarch=$(uname -m | sed 's:x86_64:amd64:g' | sed 's:aarch64:arm64:g') && \
-    curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/v0.63.0/opa_linux_${altarch}_static && \
-    chmod 755 /usr/bin/opa
+# ARG OPA_VERSION
+# RUN altarch=$(uname -m | sed 's:x86_64:amd64:g' | sed 's:aarch64:arm64:g') && \
+#     curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/${OPA_VERSION}/opa_linux_${altarch}_static && \
+#     chmod 755 /usr/bin/opa
+
+# Stage 2: Copy the OPA binary from the OPA extractor
+COPY --from=opa-extractor /opa /usr/bin/opa
 
 #
 # tracee-make-base
@@ -41,13 +59,14 @@ RUN apk --no-cache update && \
     apk --no-cache add bash git rsync && \
     apk --no-cache add coreutils findutils && \
     apk --no-cache add llvm14 clang14 && \
-    apk --no-cache add go make gcc && \
+    apk --no-cache add make gcc && \
     apk --no-cache add musl-dev && \
     apk --no-cache add linux-headers && \
     apk --no-cache add elfutils-dev && \
     apk --no-cache add libelf-static && \
     apk --no-cache add zlib-static && \
     apk --no-cache add zstd-static && \
+    apk --no-cache add binutils-gold && \
     rm -f /usr/bin/cc && \
     rm -f /usr/bin/clang && \
     rm -f /usr/bin/clang++ && \
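Review bot: `FROM openpolicyagent/opa:0.66.0-dev-static as opa-extractor` pulls a mutable development tag with no digest, so the OPA binary that the `COPY --from=opa-extractor /opa /usr/bin/opa` hunk places in the release image can change between builds without any change to this file, and a CVE-motivated workaround is exactly where that matters. Pin it, `FROM openpolicyagent/opa:0.66.0-dev-static@sha256:<IMAGE_DIGEST> as opa-extractor`, and record the digest in the comment so the rollback can be checked against a known binary. The comment names 0.65.0 as the affected release while `ARG OPA_VERSION=v0.63.0` is what the commented-out download would restore; state which version the rollback is meant to land on, otherwise the two will drift apart.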
@@ -81,6 +100,17 @@ RUN apk --no-cache update && \
     ln -s /usr/lib/llvm14/bin/llvm-readelf /usr/bin/llvm-readelf && \
     ln -s /usr/lib/llvm14/bin/opt /usr/bin/opt
 
+# install GO
+ARG GO_VERSION
+RUN altarch=$(uname -m | sed 's:x86_64:amd64:g' | sed 's:aarch64:arm64:g') && \
+    curl -L -o go${GO_VERSION}.linux-${altarch}.tar.gz https://go.dev/dl/go${GO_VERSION}.linux-${altarch}.tar.gz && \
+    tar -C /usr/local -xzf go${GO_VERSION}.linux-${altarch}.tar.gz && \
+    echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile && \
+    echo 'export GOROOT=/usr/local/go' >> /etc/profile && \
+    echo 'export GOPATH=$HOME/go' >> /etc/profile && \
+    echo 'export GOTOOLCHAIN=auto' >> /etc/profile && \
+    echo 'export PATH=$PATH:$GOPATH/bin' >> /etc/profile
+
 # install bpftool from btfhub
 
 RUN cd /tmp && \
@@ -101,7 +131,8 @@ WORKDIR /tracee
 
 COPY . /tracee
 
-RUN make clean && \
+RUN source /etc/profile && \
+    make clean && \
     BTFHUB=$BTFHUB make tracee && \
     BTFHUB=$BTFHUB make tracee-ebpf && \
     make tracee-rules && \
diff --git a/builder/Dockerfile.ubuntu-tracee-make b/builder/Dockerfile.ubuntu-tracee-make
index 19c80f8edbaa..974ef85cf99a 100644
--- a/builder/Dockerfile.ubuntu-tracee-make
+++ b/builder/Dockerfile.ubuntu-tracee-make
@@ -7,6 +7,13 @@ FROM ubuntu:jammy
 ARG uid=1000
 ARG gid=1000
 
+#
+# Version
+#
+
+ARG GO_VERSION=1.22.0
+ARG OPA_VERSION=v0.63.0
+
 # install needed environment
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
@@ -30,9 +37,8 @@ RUN cd /tmp && \
     ./3rdparty/bpftool.sh
 
 # install OPA
-
 RUN altarch=$(uname -m | sed 's:x86_64:amd64:g' | sed 's:aarch64:arm64:g') && \
-    curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/v0.63.0/opa_linux_${altarch}_static && \
+    curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/${OPA_VERSION}/opa_linux_${altarch}_static && \
     chmod 755 /usr/bin/opa
 
 # extra tools for testing things
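Review bot: The Go archive is fetched with `curl -L` and unpacked into `/usr/local` with no integrity check, so a tampered or truncated download silently becomes the toolchain that builds every release binary; the `${OPA_VERSION}` download in `Dockerfile.ubuntu-tracee-make` below and that file's Go download in the following hunk have the same gap. Go publishes a SHA-256 per archive, so keep the per-architecture value next to `GO_VERSION` and verify before `tar`, e.g. `echo "<EXPECTED_SHA256_FOR_ALTARCH>  go${GO_VERSION}.linux-${altarch}.tar.gz" | sha256sum -c -`, and delete the archive afterwards since it currently stays behind in the layer. The CVE cited above as the reason for the OPA swap is, as far as I recall, a Go standard-library fix that shipped in a later 1.22 patch release, so `GO_VERSION=1.22.0` builds tracee against the same finding unless `GOTOOLCHAIN=auto` happens to pull a newer toolchain from go.mod — worth confirming before a release is cut. Appending `export` lines to `/etc/profile` and then running `source /etc/profile` in the `make clean` hunk also ties the build to a shell that honours that file; `ENV PATH=/usr/local/go/bin:$PATH GOROOT=/usr/local/go` after this `RUN` makes Go visible to every later `RUN` and to users of the image without that coupling.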
@@ -66,12 +72,11 @@ RUN export uid=$uid gid=$gid && \
     ln -s /home/tracee/.bashrc /home/tracee/.profile
 
 # install extra packages (if needed)
-
 RUN export DEBIAN_FRONTEND=noninteractive && \
     altarch=$(uname -m | sed 's:x86_64:amd64:g' | sed 's:aarch64:arm64:g') && \
     apt-get update && \
-    curl -L -o /tmp/golang.tar.xz https://go.dev/dl/go1.21.5.linux-${altarch}.tar.gz && \
-    tar -C /usr/local -xzf /tmp/golang.tar.xz && \
+    curl -L -o /tmp/golang.tar.gz https://go.dev/dl/go${GO_VERSION}.linux-${altarch}.tar.gz && \
+    tar -C /usr/local -xzf /tmp/golang.tar.gz && \
     update-alternatives --install /usr/bin/go go /usr/local/go/bin/go 1 && \
     update-alternatives --install /usr/bin/gofmt gofmt /usr/local/go/bin/gofmt 1
 
diff --git a/builder/Makefile.release b/builder/Makefile.release
index 46f5aea4a0d5..057bd5ce7595 100644
--- a/builder/Makefile.release
+++ b/builder/Makefile.release
@@ -145,38 +145,16 @@ PUSH_DOCKER_REPO ?= aquasec/tracee
 .PHONY: release
 release: \
 	$(OUTPUT_DIR) \
+	build-tracee-btfhub \
+	build-tracee-binary-static \
+	build-tracee-binary-shared \
+	archive \
 	| .check_tree \
 	.check_$(CMD_DOCKER) \
 	.check_$(CMD_TAR) \
 	.check_$(CMD_CHECKSUM) \
 	.check_$(CMD_GITHUB)
 #
-# SNAPSHOT
-#
-
-#
-# build official container image (CO-RE + BTFHUB).
-#
-	$(MAKE) -f builder/Makefile.tracee-make alpine-prepare
-	$(MAKE) -f builder/Makefile.tracee-make alpine-make ARG="clean"
-#
-	BTFHUB=1 $(MAKE) -f builder/Makefile.tracee-container build-tracee
-#
-# build binaries (tracee, tracee-ebpf, tracee-rules, rules)
-#
-	$(MAKE) -f builder/Makefile.tracee-make ubuntu-prepare
-	$(MAKE) -f builder/Makefile.tracee-make ubuntu-make ARG="clean"
-# static
-	BTFHUB=0 STATIC=1 $(MAKE) -f builder/Makefile.tracee-make ubuntu-make ARG="tracee-ebpf"
-	BTFHUB=0 STATIC=1 $(MAKE) -f builder/Makefile.tracee-make ubuntu-make ARG="tracee"
-	$(CMD_MV) dist/tracee-ebpf dist/tracee-ebpf-static
-	$(CMD_MV) dist/tracee dist/tracee-static
-# shared libs
-	BTFHUB=0 STATIC=0 $(MAKE) -f builder/Makefile.tracee-make ubuntu-make ARG="all"
-# tarball
-	$(CMD_TAR) -cvzf $(OUT_ARCHIVE) $(RELEASE_FILES)
-	$(CMD_CHECKSUM) $(OUT_ARCHIVE) > $(OUT_CHECKSUMS)
-#
 # note: TAGS created by release-snapshot workflow
 #
 
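Review bot: `release` now lists `build-tracee-btfhub`, `build-tracee-binary-static`, `build-tracee-binary-shared` and `archive` as ordinary prerequisites with no edges between them, so under `make -j` their order is arbitrary: `archive` can tar `$(RELEASE_FILES)` before the binaries exist, and the shared `ubuntu-make ARG="all"` can run before the static build renames `dist/tracee` and `dist/tracee-ebpf`, after which the static step's `$(CMD_MV)` leaves no shared `dist/tracee` for the tarball. The removed recipe guaranteed the order by running the steps one after another; the new targets in the next hunk need to declare it, `build-tracee-binary-shared: build-tracee-binary-static` and `archive: build-tracee-btfhub build-tracee-binary-static build-tracee-binary-shared`. Both ubuntu builds also write into the same `dist/` tree, so a serial chain is the safest encoding even if parallel builds are not used today; `$(RELEASE_FILES)` is defined outside this hunk, so the exact set of files at risk is inferred.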
@@ -212,6 +190,48 @@ endif
 endif
 
+#
+# build tracee
+#
+
+.PHONY: alpine-prepare
+alpine-prepare:
+	$(MAKE) -f builder/Makefile.tracee-make alpine-prepare && \
+	$(MAKE) -f builder/Makefile.tracee-make alpine-prepare ARG="clean"
+
+.PHONY: build-tracee-btfhub
+build-tracee-btfhub: alpine-prepare
+# build official container image (CO-RE + BTFHUB)
+	BTFHUB=1 SNAPSHOT=$(SNAPSHOT) $(MAKE) -f builder/Makefile.tracee-container build-tracee
+
+#
+# build binaries (tracee, tracee-ebpf, tracee-rules, rules)
+#
+
+.PHONY: ubuntu-prepare
+ubuntu-prepare:
+	$(MAKE) -f builder/Makefile.tracee-make ubuntu-prepare && \
+	$(MAKE) -f builder/Makefile.tracee-make ubuntu-make ARG="clean"
+
+.PHONY: build-tracee-binary-static
+build-tracee-binary-static: ubuntu-prepare
+# static
+	BTFHUB=0 STATIC=1 $(MAKE) -f builder/Makefile.tracee-make ubuntu-make ARG="tracee-ebpf" && \
+	BTFHUB=0 STATIC=1 $(MAKE) -f builder/Makefile.tracee-make ubuntu-make ARG="tracee" && \
+	$(CMD_MV) dist/tracee-ebpf dist/tracee-ebpf-static
+	$(CMD_MV) dist/tracee dist/tracee-static
+
+.PHONY: build-tracee-binary-shared
+build-tracee-binary-shared: ubuntu-prepare
+# shared libs
+	BTFHUB=0 STATIC=0 $(MAKE) -f builder/Makefile.tracee-make ubuntu-make ARG="all"
+
+.PHONY: archive
+archive:
+# tarball
+	$(CMD_TAR) -cvzf $(OUT_ARCHIVE) $(RELEASE_FILES) && \
+	$(CMD_CHECKSUM) $(OUT_ARCHIVE) > $(OUT_CHECKSUMS)
+
 .PHONY: clean
 clean:
 #
diff --git a/builder/Makefile.tracee-container b/builder/Makefile.tracee-container
index af0922a32a5c..5e904da1a8b5 100644
--- a/builder/Makefile.tracee-container
+++ b/builder/Makefile.tracee-container
@@ -101,7 +101,14 @@ ifeq ($(BTFHUB),)
 BTFHUB=0
 endif
 
-TRACEE_CONT_NAME = tracee:latest
+SNAPSHOT ?= 0
+TAG ?= latest
+
+ifeq ($(SNAPSHOT),1)
+  TAG=dev
+endif
+
+TRACEE_CONT_NAME = tracee:$(TAG)
 TRACEE_CONT_DOCKERFILE = builder/Dockerfile.alpine-tracee-container
 
 .PHONY: build-tracee
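Review bot: The `alpine-prepare` target runs `$(MAKE) -f builder/Makefile.tracee-make alpine-prepare ARG="clean"` as its second step, whereas the recipe this replaces (previous hunk) and the sibling `ubuntu-prepare` target just below both run the clean through the `*-make` entry point; as written the alpine image is presumably prepared twice and the workspace never cleaned before the BTFHUB build, which for a release pipeline means stale artefacts can be packaged. The second line should read `$(MAKE) -f builder/Makefile.tracee-make alpine-make ARG="clean"`. In `build-tracee-binary-static` the `&& \` chain also stops after the first `$(CMD_MV)` while the second `$(CMD_MV) dist/tracee dist/tracee-static` is a separate recipe line; chain all four lines or none, since the partial chain reads as if the last move were optional.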
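Review bot: `TAG=dev` inside `ifeq ($(SNAPSHOT),1)` is a plain file assignment, so it overrides a `TAG` exported in the environment but not one given on the command line (`make TAG=x SNAPSHOT=1` keeps `x`), which makes the precedence between the two knobs depend on how the caller passes them. If `SNAPSHOT` is meant to win, `override TAG = dev` says so explicitly; if an explicit `TAG` is meant to win, `TAG ?= $(if $(filter 1,$(SNAPSHOT)),dev,latest)` gives that and drops the conditional. A one-line comment above `SNAPSHOT ?= 0` stating which of the two is intended would help, since `Makefile.release` now passes `SNAPSHOT=$(SNAPSHOT)` through the environment.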