diff --git a/Dockerfile b/Dockerfile
index 0b50fc1e10edba8d1c1936eb28d253c4649bc8a3..47e81a02a871dcb3e0106f07d94c2d9253e89434 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,30 +1,62 @@ -ARG BASE_REGISTRY=registry1.dsop.io +ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=ironbank/redhat/openjdk/openjdk8 ARG BASE_TAG=1.8.0 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -COPY apache-activemq-artemis.tar.gz /scripts/docker-run.sh opt/ +### +### upstream Dockerfile: https://github.com/apache/activemq-artemis/blob/master/artemis-docker/Dockerfile-centos +### # Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006 SHELL ["/bin/bash", "-o", "pipefail", "-c"] - WORKDIR /opt +# root user is needed to perform dnf upgrade/install USER root +# add user and group for artemis +# install libaio RUN groupadd -g 1001 -r artemis; \ useradd -r -u 1001 -g artemis artemis; \ dnf upgrade -y; \ - dnf install -y libaio --setopt=tsflags=nodocs; \ + dnf install -y --nodocs libaio; \ dnf clean all; \ - rm -rf /var/cache/dnf; \ - mkdir -p /opt/activemq-artemis; \ - tar -zxf apache-activemq-artemis.tar.gz --strip-components=1 -C /opt/activemq-artemis; \ - rm -f apache-activemq-artemis.tar.gz; \ - chmod +x docker-run.sh; \ + rm -rf /var/cache/dnf + +USER artemis + +# add artemis download and entrypoint script to opt/ +COPY activemq-artemis.tar.gz /scripts/docker-run.sh opt/ + +# Web Server +EXPOSE 8161 \ +# JMX Exporter + 9404 \ +# Port for CORE,MQTT,AMQP,HORNETQ,STOMP,OPENWIRE + 61616 \ +# Port for HORNETQ,STOMP + 5445 \ +# Port for AMQP + 5672 \ +# Port for MQTT + 1883 \ +#Port for STOMP + 61613 + +# root user is needed to untar +USER root + +# create directory for activemq-artemis +# untar the download to the correct location +# create directory and change ownership for artemis-instance +# change mode of entrypoint script to allow execution +RUN mkdir -p /opt/activemq-artemis; \ + tar -zxf activemq-artemis.tar.gz --strip-components=1 -C /opt/activemq-artemis; \ + rm -f activemq-artemis.tar.gz; \ mkdir /var/lib/artemis-instance; \ - chown -R artemis.artemis /var/lib/artemis-instance + chown -R 
artemis.artemis /var/lib/artemis-instance; \ + chmod +x docker-run.sh USER artemis @@ -36,9 +68,11 @@ EXPOSE 8161 \ 1883 \ 61613 +# Expose some outstanding folders (excluding VOLUME directive) WORKDIR /var/lib/artemis-instance ENTRYPOINT ["/opt/docker-run.sh"] CMD ["run"] +# add HEALTHCHECK for web server HEALTHCHECK CMD curl -f localhost:8161 || exit 1 \ No newline at end of file diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 45076ce7f8e91d9a272920371768b3af4c7971d3..21a7aa2dcc4c94e93e84a128ad1e79bd5cea2d66 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "opensource/apache/active-mq-artemis" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "2.16.0" +- "2.17.0" - "latest" # Build args passed to Dockerfile ARGs @@ -27,7 +27,7 @@ labels: org.opencontainers.image.url: "http://activemq.apache.org/components/artemis/" ## Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Apache" - org.opencontainers.image.version: "2.16.0" + org.opencontainers.image.version: "2.17.0" ## Keywords to help with search (ex. "cicd,gitops,golang") # mil.dso.ironbank.image.keywords: "FIXME" ## This value can be "opensource" or "commercial" 
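Review bot: The new `COPY activemq-artemis.tar.gz /scripts/docker-run.sh opt/` now comes after the `WORKDIR /opt` context line, so its relative destination `opt/` resolves to /opt/opt/ rather than /opt/ as it did when the COPY preceded WORKDIR; as far as I can tell the later `tar -zxf activemq-artemis.tar.gz` (run from /opt) and the entrypoint `/opt/docker-run.sh` would then not find their files. Make the destination absolute: `COPY activemq-artemis.tar.gz /scripts/docker-run.sh /opt/`. The `USER artemis` inserted before the COPY has no effect on it, since COPY writes files as root regardless of the active USER unless `--chown` is given, so the root/artemis toggle wrapped around COPY and EXPOSE can be dropped. Minor: `chown -R artemis.artemis` uses the deprecated dot separator; `artemis:artemis` is the portable form.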
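Review bot: The added comment `# Expose some outstanding folders (excluding VOLUME directive)` does not describe the line it precedes, `WORKDIR /var/lib/artemis-instance`, which neither exposes nor declares anything, so a reader will go looking for a missing VOLUME; suggest `# run from the instance directory created and chowned to artemis above` instead. While touching this block: the HEALTHCHECK depends on `curl` being present in the final image, and nothing in this diff installs it, so it presumably comes from the base image and is worth confirming. It also carries no timing parameters, so it runs at the 30s default interval with no start period; `HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 CMD curl -fsS http://localhost:8161/ || exit 1` makes the contract explicit.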
@@ -37,11 +37,11 @@ labels: # List of resources to make available to the offline build context resources: -- filename: apache-activemq-artemis.tar.gz - url: https://downloads.apache.org/activemq/activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz +- filename: activemq-artemis.tar.gz + url: https://downloads.apache.org/activemq/activemq-artemis/2.17.0/apache-artemis-2.17.0-bin.tar.gz validation: type: sha512 - value: 4990a6b742b08bff6a4c7b310d2610565b08a2a02e1a7aec065460d16f8a6fe3d4fe91a8040839f93d7c2eab09fd6a79848fb130f9820559ee3e81dcf8d51ead + value: 1d0287d9c3b9c3f38d691174e9f64e98a9592987d6446bc05e5a13c35cb832a82ef1bebf278a98ccab0270e479ced4b2b93072e64bdf73b4a07a4a7091c2a25f # List of project maintainers # FIXME: Fill in the following details for the current container owner in the whitelist diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000000000000000000000000000000000000..46ecf841cf524269a6c32fc0f7ff64315c04e521 --- /dev/null +++ b/renovate.json @@ -0,0 +1,3 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json" +} \ No newline at end of file