diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml
index f7fb8f5ab1..1b24040eb3 100644
--- a/.github/workflows/release-build.yaml
+++ b/.github/workflows/release-build.yaml
@@ -523,7 +523,7 @@ jobs:
 file: ./scanners/${{ matrix.scanner }}/scanner/Dockerfile
 build-args: |
 baseImageTag=${{ env.baseImageTag }}
- platforms: linux/amd64
+ platforms: linux/amd64,linux/arm64
 push: true
 tags: ${{ steps.docker_meta.outputs.tags }}
 labels: ${{ steps.docker_meta.outputs.labels }}
diff --git a/scanners/screenshooter/README.md b/scanners/screenshooter/README.md
index 2d79bdf6ec..eaf7d6380f 100644
--- a/scanners/screenshooter/README.md
+++ b/scanners/screenshooter/README.md
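Review bot: Adding `linux/arm64` to `platforms` makes this one step build every scanner in `matrix.scanner` for a second architecture, so each scanner's Dockerfile base image and any architecture-specific binary it fetches must also exist for arm64, or the whole release job fails on the first scanner that does not. The job definition around this step is outside the hunk, so I cannot confirm from the diff whether docker/setup-qemu-action and a buildx builder, which cross-platform builds need, are already configured for it. A comment above the line such as `# multi-arch: every scanners/*/scanner/Dockerfile must build for both platforms` would make that constraint visible to the next scanner author.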
@@ -76,7 +76,7 @@ Kubernetes: `>=v1.11.0-0`
 | scanner.activeDeadlineSeconds | string | `nil` | There are situations where you want to fail a scan Job after some amount of time. To do so, set activeDeadlineSeconds to define an active deadline (in seconds) when considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#job-termination-and-cleanup) |
 | scanner.affinity | object | `{}` | Optional affinity settings that control how the scanner job is scheduled (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) |
 | scanner.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) |
-| scanner.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) |
+| scanner.env | list | `[{"name":"MOZ_HEADLESS","value":"1"},{"name":"MOZ_DISABLE_CONTENT_SANDBOX","value":"1"},{"name":"MOZ_ENABLE_WAYLAND","value":"0"}]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/). Has default env vars set to run firefox without sandboxing. (the container is already sandboxed.) If you have a cluster with proper linux namespace support you might be able to use it without disabling the sandbox. |
 | scanner.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) |
 | scanner.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | scanner.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
diff --git a/scanners/screenshooter/docs/README.ArtifactHub.md b/scanners/screenshooter/docs/README.ArtifactHub.md
index 9b4c7bc494..d910818be3 100644
--- a/scanners/screenshooter/docs/README.ArtifactHub.md
+++ b/scanners/screenshooter/docs/README.ArtifactHub.md
@@ -81,7 +81,7 @@ Kubernetes: `>=v1.11.0-0`
 | scanner.activeDeadlineSeconds | string | `nil` | There are situations where you want to fail a scan Job after some amount of time. To do so, set activeDeadlineSeconds to define an active deadline (in seconds) when considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#job-termination-and-cleanup) |
 | scanner.affinity | object | `{}` | Optional affinity settings that control how the scanner job is scheduled (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) |
 | scanner.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) |
-| scanner.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) |
+| scanner.env | list | `[{"name":"MOZ_HEADLESS","value":"1"},{"name":"MOZ_DISABLE_CONTENT_SANDBOX","value":"1"},{"name":"MOZ_ENABLE_WAYLAND","value":"0"}]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/). Has default env vars set to run firefox without sandboxing. (the container is already sandboxed.) If you have a cluster with proper linux namespace support you might be able to use it without disabling the sandbox. |
 | scanner.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) |
 | scanner.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | scanner.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
diff --git a/scanners/screenshooter/scanner/Dockerfile b/scanners/screenshooter/scanner/Dockerfile
index 457fa61fe5..5ac69a31cf 100644
--- a/scanners/screenshooter/scanner/Dockerfile
+++ b/scanners/screenshooter/scanner/Dockerfile
@@ -5,7 +5,14 @@
 # This is using debian rather than alpine, as firefox on alpine seems to be missing some crucial fonts.
 # This lets the screenshots taken on alpine look weird
 FROM debian:13.4
-RUN apt-get update && apt-get install firefox-esr -y
+RUN apt-get update && apt-get install -y \
+ firefox-esr \
+ libpci-dev \
+ libgl1-mesa-dri \
+ libglx-mesa0 \
+ libdbus-glib-1-2 \
+ && rm -rf /var/lib/apt/lists/*
+
 RUN groupadd -g 1001 screenshooter \
 && useradd -M -u 1001 -g 1001 securecodebox
 COPY wrapper.sh ./
diff --git a/scanners/screenshooter/values.yaml b/scanners/screenshooter/values.yaml
index 2f57966b69..e35fc19595 100644
--- a/scanners/screenshooter/values.yaml
+++ b/scanners/screenshooter/values.yaml
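Review bot: `libpci-dev` in the new package list is a development package (headers and linker files), which a runtime image never uses; what Firefox loads at run time is the shared library, which on Debian is presumably shipped by `libpci3` — worth verifying against what firefox-esr actually links, then replacing `libpci-dev \` with `libpci3 \`. The new `apt-get install -y` line also lacks `--no-install-recommends`, so each of the five packages drags its recommended packages into an image whose job is to render pages from scan targets, enlarging both the image and the amount of installed code reachable from a compromised renderer; suggested first line: `RUN apt-get update && apt-get install -y --no-install-recommends \`. The trailing `rm -rf /var/lib/apt/lists/*` in the same layer is the right shape and should stay.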
@@ -65,8 +65,14 @@ scanner:
 # memory: "512Mi"
 # cpu: "500m"
 
- # scanner.env -- Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)
- env: []
+ # scanner.env -- Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/). Has default env vars set to run firefox without sandboxing. (the container is already sandboxed.) If you have a cluster with proper linux namespace support you might be able to use it without disabling the sandbox.
+ env:
+ - name: MOZ_HEADLESS
+ value: "1"
+ - name: MOZ_DISABLE_CONTENT_SANDBOX
+ value: "1"
+ - name: MOZ_ENABLE_WAYLAND
+ value: "0"
 
 # scanner.extraVolumes -- Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/)
 extraVolumes: []
diff --git a/scanners/test-scan/Chart.yaml b/scanners/test-scan/Chart.yaml
index de6ef2f5ff..078a48e331 100644
--- a/scanners/test-scan/Chart.yaml
+++ b/scanners/test-scan/Chart.yaml
@@ -12,6 +12,9 @@ version: v3.1.0-alpha1
 appVersion: "1.0"
 kubeVersion: ">=v1.11.0-0"
 
+annotations:
+ supported-platforms: linux/amd64,linux/arm64
+
 keywords:
 - security
 - scanner
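Review bot: `MOZ_DISABLE_CONTENT_SANDBOX` set to `"1"` turns off Firefox's content-process sandbox in a scanner whose job is to load pages from the scan target, so a renderer compromise now reaches the whole container instead of a sandboxed process; the new comment says the container is already sandboxed, but container isolation is a coarser boundary, and the chart's pod `securityContext` (not in this hunk) is what now carries that weight. Because `env` is a plain list, a user who sets `scanner.env` to add one variable of their own replaces all three defaults rather than extending them, silently dropping `MOZ_HEADLESS` too. The values that should never change (`MOZ_HEADLESS`, `MOZ_ENABLE_WAYLAND`) could live in the scanner Dockerfile as `ENV` lines so that only the sandbox opt-out remains a chart value; at minimum the comment should say that an override of `scanner.env` must repeat these entries and that a restrictive `securityContext` (non-root, no privilege escalation, dropped capabilities) is expected whenever the sandbox is disabled. The comment line itself is also far past any line-length limit and reads better split over several `#` lines.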
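Review bot: `supported-platforms` is added only to the test-scan chart, while the release-build.yaml hunk now publishes every matrix scanner for both architectures; if the annotation is meant to advertise the platforms a scanner image is published for, the other scanner charts presumably need the same entry, though their Chart.yaml files are not in this diff. It is also not a key I recognise from Helm or Artifact Hub, so a comment above it, `# custom annotation: architectures the scanner image is published for`, would make its purpose and consumer clear.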