diff --git a/Dockerfile b/Dockerfile
index cf8d0fb79f..c04a5fc9b0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,20 +22,18 @@
 # be world-readable!
 #
 #
-FROM --platform=linux/amd64 debian:bullseye
+FROM --platform=linux/amd64 python:3.11-slim-bookworm
 #### Prepare the OS base setup ###
 ENV DEBIAN_FRONTEND noninteractive
-RUN echo 'deb-src http://deb.debian.org/debian bullseye main' >> /etc/apt/sources.list.d/srcpkg.list && \
- echo 'deb-src http://security.debian.org/debian-security bullseye-security main' >> /etc/apt/sources.list.d/srcpkg.list
 RUN apt-get update && \
 apt-get -y --no-install-recommends install \
 locales \
 python3-dbg gdb \
 sudo python3-dev python3-pip python3-virtualenv build-essential supervisor \
- debian-keyring debian-archive-keyring ca-certificates curl gpg
+ debian-keyring debian-archive-keyring ca-certificates curl gpg
 ## Use deb.nodesource.com to fetch more modern versions of Node/NPM than Debian can provide
 RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg && \
@@ -55,6 +53,8 @@ RUN echo "${TIMEZONE}" > /etc/timezone && cp /usr/share/zoneinfo/${TIMEZONE} /et
 RUN apt-get update \
 && apt-get -y --no-install-recommends install \
+ build-essential \
+ supervisor \
 git-core \
 libsnmp40 \
 cron \
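Review bot: The `apt-get install` list kept under the new `FROM python:3.11-slim-bookworm` still pulls in Debian's `python3-dbg`, `python3-dev`, `python3-pip` and `python3-virtualenv`, which belong to the distribution's interpreter and not to the one the official Python image ships under /usr/local. The image would therefore carry two Python installations, and the `python3-dbg` symbols presumably no longer match the interpreter that actually runs the code. Dropping those four packages would shrink the image and the set of packages that need security updates. The new base is also a floating tag, so for reproducible builds consider pinning it as `python:3.11-slim-bookworm@sha256:<digest>`.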
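Review bot: `build-essential` and `supervisor` are added to this second `apt-get install`, but the first one still installs both (the `sudo python3-dev python3-pip python3-virtualenv build-essential supervisor \` line in the previous hunk), so the two lists now overlap. Keep each package in exactly one list so it is clear which step owns it. This `RUN` starts and ends outside the hunk, so whether the apt lists are cleaned up afterwards cannot be checked from here.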
@@ -76,10 +76,18 @@ RUN apt-get update \
 iputils-ping \
 snmp
+ENV VIRTUAL_ENV=/opt/venv
+RUN python3 -m venv $VIRTUAL_ENV
+ENV PATH="$VIRTUAL_ENV/bin:$PATH"
+
 RUN adduser --system --group --no-create-home --home=/source --shell=/bin/bash nav
+RUN mkdir -p /source && echo "export PATH=$PATH" >> /source/.bashrc
+
+RUN pip install --upgrade 'setuptools>=61' wheel && \
+ pip install --upgrade pip pip-tools build
-RUN pip3 install --upgrade 'setuptools>=61' wheel && \
- pip3 install --upgrade 'pip<=23.1.0' pip-tools build
+ARG CUSTOM_PIP=ipython
+RUN pip install ${CUSTOM_PIP}
 #################################################################################
 ### COPYing the requirements file to pip-install Python requirements may bust ###
@@ -94,13 +102,9 @@ COPY requirements.txt /
 COPY constraints.txt /
 COPY tests/requirements.txt /test-requirements.txt
 COPY doc/requirements.txt /doc-requirements.txt
-# Since we used pip3 to install pip globally, pip should now be for Python 3
 RUN pip-compile --resolver=backtracking --output-file /requirements.txt.lock -c /constraints.txt /requirements.txt /test-requirements.txt /doc-requirements.txt
 RUN pip install -r /requirements.txt.lock
-ARG CUSTOM_PIP=ipython
-RUN pip install ${CUSTOM_PIP}
-
 COPY tools/docker/full-nav-restore.sh /usr/local/sbin/full-nav-restore.sh
 # Set up for mounting live source code from git repo at /source
diff --git a/tools/docker/build.sh b/tools/docker/build.sh
index 41fa1e5f2f..136a84d2ff 100755
--- a/tools/docker/build.sh
+++ b/tools/docker/build.sh
@@ -8,9 +8,10 @@ if [[ ! -f "/source/setup.py" ]]; then
 fi
 cd /source
-sudo -u nav python3 -m build
+
+sudo -u nav env PATH=$PATH python3 -m build
 pip install -e .
-sudo -u nav python3 setup.py build_sass
+sudo -u nav env PATH=$PATH python3 setup.py build_sass
 if [[ ! -f "/etc/nav/nav.conf" ]]; then
 echo "Copying initial NAV config files into this container"
diff --git a/tools/docker/doc-watch.sh b/tools/docker/doc-watch.sh
index 371a85cab9..533daee98c 100755
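Review bot: `pip install --upgrade pip pip-tools build` drops the previous upper bound on pip, and `setuptools` has only a lower bound, so the bootstrap tooling resolves to whatever PyPI serves at build time. Two builds of the same commit can then install different tooling, and the later `pip-compile --resolver=backtracking` step depends on pip and pip-tools staying compatible. Pin them to versions tested together, e.g. `pip install 'pip==<tested>' 'pip-tools==<tested>' 'build==<tested>'`. Separately, `echo "export PATH=$PATH" >> /source/.bashrc` expands at build time and writes into `/source`, which a later comment in this file describes as the mount point for the live source tree. If that directory is bind-mounted at run time the file is hidden, so it should not be relied on to put the venv on `nav`'s PATH.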
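Review bot: `$PATH` is unquoted in `sudo -u nav env PATH=$PATH python3 -m build` and in the `build_sass` line, so a PATH entry containing whitespace would be word-split and `env` would take the remainder as the command to run. Quote the assignment: `sudo -u nav env "PATH=$PATH" python3 -m build`. The same pattern is added in tools/docker/doc-watch.sh (three lines) and tools/docker/syncdb.sh. Passing the caller's PATH through `env` also deliberately bypasses the PATH that sudo would normally give the target user, so a comment such as `# nav needs the venv on PATH; sudo would otherwise reset it` above the first use would record the intent.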
--- a/tools/docker/doc-watch.sh +++ b/tools/docker/doc-watch.sh @@ -3,11 +3,11 @@ # cd /source # Build once first -sudo -u nav python3 -m build # ensure build data and .eggs aren't stored as root +sudo -u nav env PATH=$PATH python3 -m build # ensure build data and .eggs aren't stored as root pip install -e . -sudo -u nav sphinx-build doc/ build/sphinx/html/ +sudo -u nav env PATH=$PATH sphinx-build doc/ build/sphinx/html/ # Then re-build on any changes to the doc directory while inotifywait -e modify -e move -e create -e delete -r --exclude \# /source/doc /source/NOTES.rst do - sudo -u nav sphinx-build doc/ build/sphinx/html/ + sudo -u nav env PATH=$PATH sphinx-build doc/ build/sphinx/html/ done diff --git a/tools/docker/graphite/Dockerfile b/tools/docker/graphite/Dockerfile index abc706eb95..3a24e029bf 100644 --- a/tools/docker/graphite/Dockerfile +++ b/tools/docker/graphite/Dockerfile @@ -1,13 +1,9 @@ -FROM debian:buster +FROM debian:bookworm #### Prepare the OS base setup ### ENV DEBIAN_FRONTEND noninteractive -RUN echo 'deb-src http://deb.debian.org/debian buster main' >> /etc/apt/sources.list.d/srcpkg.list && \ - echo 'deb-src http://security.debian.org/debian-security buster/updates main' >> /etc/apt/sources.list.d/srcpkg.list && \ - echo 'deb-src http://deb.debian.org/debian buster-updates main' >> /etc/apt/sources.list.d/srcpkg.list - RUN apt-get update && \ apt-get -y --no-install-recommends install \ locales \ diff --git a/tools/docker/syncdb.sh b/tools/docker/syncdb.sh index 781ca67353..70dc9b2f77 100755 --- a/tools/docker/syncdb.sh +++ b/tools/docker/syncdb.sh @@ -2,4 +2,4 @@ cd /source export PGHOST=postgres PGUSER=postgres psql -l -t | grep -q '^ *nav' || navsyncdb -c -sudo -u nav navsyncdb -o +sudo -u nav env PATH=$PATH navsyncdb -o diff --git a/tools/forward/Dockerfile b/tools/forward/Dockerfile index dc02f9586b..f06f91067d 100644 --- a/tools/forward/Dockerfile +++ b/tools/forward/Dockerfile 
@@ -1,4 +1,4 @@
-FROM debian:bullseye
+FROM debian:bookworm
 RUN apt-get update && apt-get install -y openssh-server socat sudo tini
 RUN echo '%adm ALL=NOPASSWD: /usr/bin/socat' > /etc/sudoers.d/socat
 RUN chmod 0440 /etc/sudoers.d/socat