diff --git a/CHANGELOG.md b/CHANGELOG.md
index ae9b4eea99..8a4f6cbf7a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [Unreleased]
+### Changed
+
+- Resolves [#4301](https://github.com/microsoft/BotFramework-WebChat/issues/4301). Updated `Dockerfile` to support secure container supply chain, by [@compulim](https://github.com/compulim) in PR [#4303](https://github.com/microsoft/BotFramework-WebChat/pull/4303)
+
 ## [4.15.2] - 2022-05-09
 ### Breaking changes
diff --git a/__tests__/__image_snapshots__/chrome-docker/video-js-video-1-snap.png b/__tests__/__image_snapshots__/chrome-docker/video-js-video-1-snap.png
index 6b30e6833f..6e664bfb49 100644
Binary files a/__tests__/__image_snapshots__/chrome-docker/video-js-video-1-snap.png and b/__tests__/__image_snapshots__/chrome-docker/video-js-video-1-snap.png differ
diff --git a/packages/test/harness/Dockerfile b/packages/test/harness/Dockerfile
index d40bb9590f..d4a5763976 100644
--- a/packages/test/harness/Dockerfile
+++ b/packages/test/harness/Dockerfile
@@ -1,5 +1,8 @@
-# NPM@7 is buggy with its "postinstall" script, going back to Node.js 14 with NPM@6 for now.
-FROM node:14-alpine
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18-alpine
+
+FROM $BASE_IMAGE
 RUN apk update && \
 apk upgrade && \
diff --git a/playground.dockerfile b/playground.dockerfile
index 3842e42560..d9f747256c 100644
--- a/playground.dockerfile
+++ b/playground.dockerfile
@@ -1,4 +1,8 @@
-FROM node:alpine
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18-alpine
+
+FROM $BASE_IMAGE
 RUN apk update && \
 apk upgrade && \
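Review bot: `ARG BASE_IMAGE=$REGISTRY/node:18-alpine` in packages/test/harness/Dockerfile still resolves a mutable tag, so making the registry configurable does not by itself fix which image content is pulled. The same applies to every other Dockerfile hunk in this commit (`node:18` in the samples, `node:18-alpine` in playground.dockerfile, testharness.dockerfile and testharness2.dockerfile). For a supply-chain control, pin the default by digest, e.g. `ARG BASE_IMAGE=$REGISTRY/node:18-alpine@sha256:<digest-of-reviewed-image>`, and have CI override `BASE_IMAGE` with its own pinned reference. The hunk also drops the comment about the NPM@7 `postinstall` problem while moving to Node.js 18, so it would help to record in a comment that the harness install was re-verified with the npm bundled in the new image. The rest of the file lies outside the hunk.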
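Review bot: The added comment at the top of playground.dockerfile, `# Setting to a different base image to secure your container supply chain.`, does not say what to set or how. Suggest replacing it with `# Override with --build-arg REGISTRY=<trusted registry> or --build-arg BASE_IMAGE=<image reference> to pull the base image from a registry you control.` The same comment text is repeated in every Dockerfile touched by this commit and could be updated in the same way.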
diff --git a/samples/07.advanced-web-chat-apps/a.upload-to-azure-storage/Dockerfile b/samples/07.advanced-web-chat-apps/a.upload-to-azure-storage/Dockerfile
index dd2f582407..a654942f90 100644
--- a/samples/07.advanced-web-chat-apps/a.upload-to-azure-storage/Dockerfile
+++ b/samples/07.advanced-web-chat-apps/a.upload-to-azure-storage/Dockerfile
@@ -1,7 +1,11 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This container is for simplifying CI when using Azure Pipelines
 # Aggregates all code into a single Docker image for export
-FROM node:12
+FROM $BASE_IMAGE
 # Copy the bot code to /var/bot/
 ADD bot/ /var/build/bot/
diff --git a/samples/07.advanced-web-chat-apps/a.upload-to-azure-storage/Dockerfile-run b/samples/07.advanced-web-chat-apps/a.upload-to-azure-storage/Dockerfile-run
index 1c4c8d9e02..0b99bb17fa 100644
--- a/samples/07.advanced-web-chat-apps/a.upload-to-azure-storage/Dockerfile-run
+++ b/samples/07.advanced-web-chat-apps/a.upload-to-azure-storage/Dockerfile-run
@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This is the container for running the demo under Azure Web App
-FROM node:12
+FROM $BASE_IMAGE
 # Expose both port 80 and 2222 (SSH for Azure Web App)
 EXPOSE 80 2222
diff --git a/samples/07.advanced-web-chat-apps/b.sso-for-enterprise/Dockerfile b/samples/07.advanced-web-chat-apps/b.sso-for-enterprise/Dockerfile
index cdb9f32104..ef873e0739 100644
--- a/samples/07.advanced-web-chat-apps/b.sso-for-enterprise/Dockerfile
+++ b/samples/07.advanced-web-chat-apps/b.sso-for-enterprise/Dockerfile
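Review bot: The default `$REGISTRY/node:18` in samples/07.advanced-web-chat-apps/a.upload-to-azure-storage/Dockerfile relies on Docker Hub's implicit `library/` namespace, which is only filled in for docker.io. When `REGISTRY` is overridden to a private registry or pull-through cache, the reference becomes `<registry>/node:18`, and such mirrors often expose official images under a project or `library/` path instead. In that case the build would likely fail, or resolve to whatever `node` repository happens to exist on that registry. Consider writing the default as `ARG BASE_IMAGE=$REGISTRY/library/node:18`, or documenting that mirror users should override `BASE_IMAGE` as a whole rather than `REGISTRY`. The other hunks that add the same two `ARG` lines are affected in the same way.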
@@ -1,7 +1,11 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This container is for simplifying CI when using Azure Pipelines
 # The first builder image will build HTML and JavaScript code out of the create-react-app project
-FROM node:12 AS builder-react
+FROM $BASE_IMAGE AS builder-react
 WORKDIR /var/build/react/
 # Copy the web app code to /var/build/react/
@@ -15,7 +19,7 @@ RUN npm ci
 RUN npm run build
 # The second builder image will aggregate all code into a single Docker image for export
-FROM node:12
+FROM $BASE_IMAGE
 # Copy the bot code to /var/bot/
 ADD bot/ /var/build/bot/
diff --git a/samples/07.advanced-web-chat-apps/b.sso-for-enterprise/Dockerfile-run b/samples/07.advanced-web-chat-apps/b.sso-for-enterprise/Dockerfile-run
index 62e630c836..0b99bb17fa 100644
--- a/samples/07.advanced-web-chat-apps/b.sso-for-enterprise/Dockerfile-run
+++ b/samples/07.advanced-web-chat-apps/b.sso-for-enterprise/Dockerfile-run
@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This is the container for running the demo under Azure Web App
-FROM node:12 AS builder-web
+FROM $BASE_IMAGE
 # Expose both port 80 and 2222 (SSH for Azure Web App)
 EXPOSE 80 2222
diff --git a/samples/07.advanced-web-chat-apps/c.sso-for-intranet/Dockerfile b/samples/07.advanced-web-chat-apps/c.sso-for-intranet/Dockerfile
index 283e8c6287..3d23d7f2e2 100644
--- a/samples/07.advanced-web-chat-apps/c.sso-for-intranet/Dockerfile
+++ b/samples/07.advanced-web-chat-apps/c.sso-for-intranet/Dockerfile
@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This container is for simplifying CI when using Azure Pipelines
-FROM node:12
+FROM $BASE_IMAGE
 # Copy the bot code to /var/bot/
 ADD bot/ /var/build/bot/
diff --git a/samples/07.advanced-web-chat-apps/c.sso-for-intranet/Dockerfile-run b/samples/07.advanced-web-chat-apps/c.sso-for-intranet/Dockerfile-run
index 1c4c8d9e02..0b99bb17fa 100644
--- a/samples/07.advanced-web-chat-apps/c.sso-for-intranet/Dockerfile-run
+++ b/samples/07.advanced-web-chat-apps/c.sso-for-intranet/Dockerfile-run
@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This is the container for running the demo under Azure Web App
-FROM node:12
+FROM $BASE_IMAGE
 # Expose both port 80 and 2222 (SSH for Azure Web App)
 EXPOSE 80 2222
diff --git a/samples/07.advanced-web-chat-apps/d.sso-for-teams/Dockerfile b/samples/07.advanced-web-chat-apps/d.sso-for-teams/Dockerfile
index 283e8c6287..3d23d7f2e2 100644
--- a/samples/07.advanced-web-chat-apps/d.sso-for-teams/Dockerfile
+++ b/samples/07.advanced-web-chat-apps/d.sso-for-teams/Dockerfile
@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This container is for simplifying CI when using Azure Pipelines
-FROM node:12
+FROM $BASE_IMAGE
 # Copy the bot code to /var/bot/
 ADD bot/ /var/build/bot/
diff --git a/samples/07.advanced-web-chat-apps/d.sso-for-teams/Dockerfile-run b/samples/07.advanced-web-chat-apps/d.sso-for-teams/Dockerfile-run
index 1c4c8d9e02..0b99bb17fa 100644
--- a/samples/07.advanced-web-chat-apps/d.sso-for-teams/Dockerfile-run
+++ b/samples/07.advanced-web-chat-apps/d.sso-for-teams/Dockerfile-run
@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This is the container for running the demo under Azure Web App
-FROM node:12
+FROM $BASE_IMAGE
 # Expose both port 80 and 2222 (SSH for Azure Web App)
 EXPOSE 80 2222
diff --git a/samples/07.advanced-web-chat-apps/e.sso-on-behalf-of-authentication/Dockerfile b/samples/07.advanced-web-chat-apps/e.sso-on-behalf-of-authentication/Dockerfile
index cdb9f32104..ef873e0739 100644
--- a/samples/07.advanced-web-chat-apps/e.sso-on-behalf-of-authentication/Dockerfile
+++ b/samples/07.advanced-web-chat-apps/e.sso-on-behalf-of-authentication/Dockerfile
@@ -1,7 +1,11 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This container is for simplifying CI when using Azure Pipelines
 # The first builder image will build HTML and JavaScript code out of the create-react-app project
-FROM node:12 AS builder-react
+FROM $BASE_IMAGE AS builder-react
 WORKDIR /var/build/react/
 # Copy the web app code to /var/build/react/
@@ -15,7 +19,7 @@ RUN npm ci
 RUN npm run build
 # The second builder image will aggregate all code into a single Docker image for export
-FROM node:12
+FROM $BASE_IMAGE
 # Copy the bot code to /var/bot/
 ADD bot/ /var/build/bot/
diff --git a/samples/07.advanced-web-chat-apps/e.sso-on-behalf-of-authentication/Dockerfile-run b/samples/07.advanced-web-chat-apps/e.sso-on-behalf-of-authentication/Dockerfile-run
index 62e630c836..0b99bb17fa 100644
--- a/samples/07.advanced-web-chat-apps/e.sso-on-behalf-of-authentication/Dockerfile-run
+++ b/samples/07.advanced-web-chat-apps/e.sso-on-behalf-of-authentication/Dockerfile-run
@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This is the container for running the demo under Azure Web App
-FROM node:12 AS builder-web
+FROM $BASE_IMAGE
 # Expose both port 80 and 2222 (SSH for Azure Web App)
 EXPOSE 80 2222
diff --git a/testharness.dockerfile b/testharness.dockerfile
index 47c24a7cb1..20d69017b0 100644
--- a/testharness.dockerfile
+++ b/testharness.dockerfile
@@ -1,4 +1,8 @@
-FROM node:alpine
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18-alpine
+
+FROM $BASE_IMAGE
 RUN apk update && \
 apk upgrade && \
diff --git a/testharness2.dockerfile b/testharness2.dockerfile
index 8e505cf218..e63f565817 100644
--- a/testharness2.dockerfile
+++ b/testharness2.dockerfile
@@ -1,4 +1,8 @@
-FROM node:alpine
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18-alpine
+
+FROM $BASE_IMAGE
 RUN apk update && \
 apk upgrade && \