diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a9b1de0
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,22 @@
+FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
+WORKDIR /src
+COPY global.json ./
+COPY src/FrameProcessor/FrameProcessor.csproj src/FrameProcessor/
+RUN dotnet restore src/FrameProcessor/FrameProcessor.csproj
+COPY src/FrameProcessor/ src/FrameProcessor/
+RUN dotnet publish src/FrameProcessor/FrameProcessor.csproj \
+    -c Release \
+    -o /app/publish \
+    --no-restore
+
+FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS runtime
+WORKDIR /app
+RUN addgroup --system --gid 1000 app \
+ && adduser --system --uid 1000 --ingroup app --no-create-home app \
+ && mkdir -p /data/images \
+ && chown -R app:app /data
+COPY --from=build --chown=app:app /app/publish ./
+USER app
+EXPOSE 8080
+ENV ASPNETCORE_URLS=http://+:8080
+ENTRYPOINT ["dotnet", "FrameProcessor.dll"]
diff --git a/IMPLEMENTATION.md b/IMPLEMENTATION.md
index ddd093f..ff3e896 100644
--- a/IMPLEMENTATION.md
+++ b/IMPLEMENTATION.md
@@ -219,7 +219,7 @@ Each type lives in `src/FrameProcessor/Domain/`. Tests in `tests/FrameProcessor.
 
 ## Phase 10 — Packaging
 
-### [ ] 10.1 `Dockerfile`
+### [x] 10.1 `Dockerfile`
 - Multi-stage: SDK build → runtime (`mcr.microsoft.com/dotnet/aspnet:10.0`).
 - Expose 8080; create `/data/images`.
 - Non-root user.