diff --git a/build/docker/intel-fpga-admissionwebhook.Dockerfile b/build/docker/intel-fpga-admissionwebhook.Dockerfile
index 2f39ddaf..734a1298 100644
--- a/build/docker/intel-fpga-admissionwebhook.Dockerfile
+++ b/build/docker/intel-fpga-admissionwebhook.Dockerfile
@@ -1,10 +1,35 @@
-FROM golang:1.11 as builder
+# CLEAR_LINUX_BASE and CLEAR_LINUX_VERSION can be used to make the build
+# reproducible by choosing an image by its hash and installing an OS version
+# with --version=:
+# CLEAR_LINUX_BASE=clearlinux@sha256:b8e5d3b2576eb6d868f8d52e401f678c873264d349e469637f98ee2adf7b33d4
+# CLEAR_LINUX_VERSION="--version=29970"
+#
+# This is used on release branches before tagging a stable version.
+# The master branch defaults to using the latest Clear Linux.
+ARG CLEAR_LINUX_BASE=clearlinux/golang:latest
+
+FROM ${CLEAR_LINUX_BASE} as builder
+
+ARG CLEAR_LINUX_VERSION=
+
+RUN swupd update --no-boot-update ${CLEAR_LINUX_VERSION}
+RUN mkdir /install_root \
+    && swupd os-install \
+    ${CLEAR_LINUX_VERSION} \
+    --path /install_root \
+    --statedir /swupd-state \
+    --bundles=os-core \
+    --no-boot-update \
+    && rm -rf /install_root/var/lib/swupd/*
+
 ARG DIR=/go/src/github.com/intel/intel-device-plugins-for-kubernetes
 WORKDIR $DIR
 COPY . .
 RUN cd cmd/fpga_admissionwebhook; go install
-RUN chmod a+x /go/bin/fpga_admissionwebhook
+RUN chmod a+x /go/bin/fpga_admissionwebhook \
+    && install -D /go/bin/fpga_admissionwebhook /install_root/usr/local/bin/intel_fpga_admissionwebhook \
+    && install -D ${DIR}/LICENSE /install_root/usr/local/share/package-licenses/intel-device-plugins-for-kubernetes/LICENSE
 
-FROM gcr.io/distroless/base
-COPY --from=builder /go/bin/fpga_admissionwebhook /usr/bin/intel_fpga_admissionwebhook
-CMD ["/usr/bin/intel_fpga_admissionwebhook"]
+FROM scratch as final
+COPY --from=builder /install_root /
+CMD ["/usr/local/bin/intel_fpga_admissionwebhook"]
diff --git a/build/docker/intel-fpga-initcontainer.Dockerfile b/build/docker/intel-fpga-initcontainer.Dockerfile
index 86632c7a..95c5e318 100644
--- a/build/docker/intel-fpga-initcontainer.Dockerfile
+++ b/build/docker/intel-fpga-initcontainer.Dockerfile
@@ -1,13 +1,22 @@
-FROM clearlinux:base as builder
+# CLEAR_LINUX_BASE and CLEAR_LINUX_VERSION can be used to make the build
+# reproducible by choosing an image by its hash and installing an OS version
+# with --version=:
+# CLEAR_LINUX_BASE=clearlinux@sha256:b8e5d3b2576eb6d868f8d52e401f678c873264d349e469637f98ee2adf7b33d4
+# CLEAR_LINUX_VERSION="--version=29970"
+#
+# This is used on release branches before tagging a stable version.
+# The master branch defaults to using the latest Clear Linux.
+ARG CLEAR_LINUX_BASE=clearlinux/golang:latest
 
-# Move to latest Clear Linux release
-# ARG swupd_args
-# RUN swupd update --no-boot-update $swupd_args
+FROM ${CLEAR_LINUX_BASE} as builder
 
-# Fetch dependencies and source code
+ARG CLEAR_LINUX_VERSION=
 ARG OPAE_RElEASE=1.3.2-1
 
-RUN swupd bundle-add wget c-basic go-basic devpkg-json-c devpkg-util-linux devpkg-hwloc doxygen Sphinx && \
+RUN swupd update --no-boot-update ${CLEAR_LINUX_VERSION}
+
+# Fetch dependencies and source code
+RUN swupd bundle-add wget c-basic devpkg-json-c devpkg-util-linux devpkg-hwloc doxygen Sphinx && \
     mkdir -p /usr/src/opae && \
     cd /usr/src/opae && \
     wget https://github.com/OPAE/opae-sdk/archive/${OPAE_RElEASE}.tar.gz && \
@@ -21,11 +30,10 @@ RUN cd /usr/src/opae/opae-sdk-${OPAE_RElEASE} && \
     make xfpga board_rc fpgaconf fpgainfo
 
 # Install clean os-core and rsync bundle in target directory
-RUN source /usr/lib/os-release \
-    && mkdir /install_root \
-    && swupd os-install -V ${VERSION_ID} \
+RUN mkdir /install_root \
+    && swupd os-install ${CLEAR_LINUX_VERSION} \
     --path /install_root --statedir /swupd-state \
-    --bundles=os-core,rsync --no-scripts \
+    --bundles=os-core,rsync --no-boot-update \
     && rm -rf /install_root/var/lib/swupd/*
 
 # Build CRI Hook
@@ -75,4 +83,4 @@ ln -sf $HOOK_CONF_DST /etc/containers/oci/hooks.d/$HOOK_CONF\n\
 rm $DST_DIR/deploy.sh\n\
 ">> $SRC_DIR/deploy.sh && chmod +x $SRC_DIR/deploy.sh
 
-CMD [ "/opt/intel/fpga-sw.src/deploy.sh" ]
\ No newline at end of file
+CMD [ "/opt/intel/fpga-sw.src/deploy.sh" ]
diff --git a/build/docker/intel-fpga-plugin.Dockerfile b/build/docker/intel-fpga-plugin.Dockerfile
index 25fc77a6..9221e49a 100644
--- a/build/docker/intel-fpga-plugin.Dockerfile
+++ b/build/docker/intel-fpga-plugin.Dockerfile
@@ -1,10 +1,35 @@
-FROM golang:1.11 as builder
+# CLEAR_LINUX_BASE and CLEAR_LINUX_VERSION can be used to make the build
+# reproducible by choosing an image by its hash and installing an OS version
+# with --version=:
+# CLEAR_LINUX_BASE=clearlinux@sha256:b8e5d3b2576eb6d868f8d52e401f678c873264d349e469637f98ee2adf7b33d4
+# CLEAR_LINUX_VERSION="--version=29970"
+#
+# This is used on release branches before tagging a stable version.
+# The master branch defaults to using the latest Clear Linux.
+ARG CLEAR_LINUX_BASE=clearlinux/golang:latest
+
+FROM ${CLEAR_LINUX_BASE} as builder
+
+ARG CLEAR_LINUX_VERSION=
+
+RUN swupd update --no-boot-update ${CLEAR_LINUX_VERSION}
+RUN mkdir /install_root \
+    && swupd os-install \
+    ${CLEAR_LINUX_VERSION} \
+    --path /install_root \
+    --statedir /swupd-state \
+    --bundles=os-core \
+    --no-boot-update \
+    && rm -rf /install_root/var/lib/swupd/*
+
 ARG DIR=/go/src/github.com/intel/intel-device-plugins-for-kubernetes
 WORKDIR $DIR
 COPY . .
 RUN cd cmd/fpga_plugin; go install
-RUN chmod a+x /go/bin/fpga_plugin
+RUN chmod a+x /go/bin/fpga_plugin \
+    && install -D /go/bin/fpga_plugin /install_root/usr/local/bin/intel_fpga_device_plugin \
+    && install -D ${DIR}/LICENSE /install_root/usr/local/share/package-licenses/intel-device-plugins-for-kubernetes/LICENSE
 
-FROM gcr.io/distroless/base
-COPY --from=builder /go/bin/fpga_plugin /usr/bin/intel_fpga_device_plugin
-CMD ["/usr/bin/intel_fpga_device_plugin"]
+FROM scratch as final
+COPY --from=builder /install_root /
+CMD ["/usr/local/bin/intel_fpga_device_plugin"]
diff --git a/demo/clearlinux-demo-opae/Dockerfile b/demo/clearlinux-demo-opae/Dockerfile
index 568803c6..e3211a83 100644
--- a/demo/clearlinux-demo-opae/Dockerfile
+++ b/demo/clearlinux-demo-opae/Dockerfile
@@ -1,8 +1,18 @@
-FROM clearlinux:base as builder
+# CLEAR_LINUX_BASE and CLEAR_LINUX_VERSION can be used to make the build
+# reproducible by choosing an image by its hash and installing an OS version
+# with --version=:
+# CLEAR_LINUX_BASE=clearlinux@sha256:b8e5d3b2576eb6d868f8d52e401f678c873264d349e469637f98ee2adf7b33d4
+# CLEAR_LINUX_VERSION="--version=29970"
+#
+# This is used on release branches before tagging a stable version.
+# The master branch defaults to using the latest Clear Linux.
+ARG CLEAR_LINUX_BASE=clearlinux:latest
 
-# Move to latest Clear Linux release
-# ARG swupd_args
-# RUN swupd update --no-boot-update $swupd_args
+FROM ${CLEAR_LINUX_BASE} as builder
+
+ARG CLEAR_LINUX_VERSION=
+
+RUN swupd update --no-boot-update ${CLEAR_LINUX_VERSION}
 
 # Fetch dependencies and source code
 ARG OPAE_RElEASE=1.3.2-1
@@ -21,11 +31,11 @@ RUN cd /usr/src/opae/opae-sdk-${OPAE_RElEASE} && \
     make xfpga nlb0 nlb3
 
 # Install clean os-core and libstdcpp bundle in target directory
-RUN source /usr/lib/os-release \
-    && mkdir /install_root \
-    && swupd os-install -V ${VERSION_ID} \
+RUN mkdir /install_root \
+    && swupd os-install  \
+    ${CLEAR_LINUX_VERSION} \
     --path /install_root --statedir /swupd-state \
-    --bundles=os-core,libstdcpp --no-scripts \
+    --bundles=os-core,libstdcpp --no-boot-update \
     && rm -rf /install_root/var/lib/swupd/*
 
 # Minimal result image