diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a9949bc1a35979f802db06ce8abdbfd347108e78..a8bcd0191d44708a37602edbde1150c566089890 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,9 +5,7 @@ stages:
 
 .config:
   image: docker
-  services:
-    - docker:dind
-  tags: ['docker']
+  tags: ['ci.inria.fr']
   artifacts:
     untracked: true
   timeout: 2h
@@ -15,36 +13,24 @@ stages:
 before_script:
   - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 
-build-ci:
+build-base:
   stage: build-first-layout
   rules:
     - changes:
-        - dockerfile-ci
+        - dockerfile-base
   script:
-    - docker build -f dockerfile-ci -t $CI_REGISTRY_IMAGE/ci . | tee build.log
-    - docker push $CI_REGISTRY_IMAGE/ci
+    - docker build -f dockerfile-base -t $CI_REGISTRY_IMAGE/base . | tee build.log
+    - docker push $CI_REGISTRY_IMAGE/base
   extends: .config
 
-build-distrib:
+build-analysis:
   stage: build-second-layout
   rules:
     - changes:
-        - dockerfile-ci
-        - dockerfile-distrib
+      - dockerfile-base
+      - dockerfile-analysis
   script:
-    - docker build -f dockerfile-distrib -t $CI_REGISTRY_IMAGE/distrib .
+    - docker build -f dockerfile-analysis -t $CI_REGISTRY_IMAGE/analysis .
         | tee build.log
-    - docker push $CI_REGISTRY_IMAGE/distrib
-  extends: .config
-
-build-vite:
-  stage: build-second-layout
-  rules:
-    - changes:
-      - dockerfile-ci
-      - dockerfile-vite
-  script:
-    - docker build -f dockerfile-vite -t $CI_REGISTRY_IMAGE/vite .
-        | tee build.log
-    - docker push $CI_REGISTRY_IMAGE/vite
+    - docker push $CI_REGISTRY_IMAGE/analysis
   extends: .config
diff --git a/dockerfile-analysis b/dockerfile-analysis
new file mode 100644
index 0000000000000000000000000000000000000000..a0fd5d823abbe376ef8ddc67ea62ef4129bff655
--- /dev/null
+++ b/dockerfile-analysis
@@ -0,0 +1,41 @@
+FROM registry.gitlab.inria.fr/solverstack/docker/base
+
+USER root
+
+RUN apt-get -y upgrade --no-install-recommends libexpat1-dev vera++
+RUN apt-get autoremove -y
+RUN apt-get autoclean -y
+RUN apt-get purge -y
+
+ENV version_rats 2.4
+RUN cd /opt/ && \
+    wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/rough-auditing-tool-for-security/rats-${version_rats}.tgz && \
+    tar -xzvf rats-${version_rats}.tgz && \
+    cd rats-${version_rats} && \
+    ./configure && make && sudo make install && \
+    rm /opt/rats-2.4.tgz
+
+ENV version_drmemory 2.6.0
+RUN cd /opt && \
+    wget https://github.com/DynamoRIO/drmemory/releases/download/release_${version_drmemory}/DrMemory-Linux-${version_drmemory}.tar.gz && \
+    tar xf DrMemory-Linux-${version_drmemory}.tar.gz
+
+RUN cd /opt && \
+    wget --no-check-certificate https://scan.coverity.com/download/linux64 --post-data "token=TPvx1_FxIoOMK3-4GnuAlg&project=Chameleon" -O coverity_tool.tgz && \
+    tar xf coverity_tool.tgz && \
+    ln -s -f $PWD/cov-analysis-linux64-*/bin/cov-build /usr/local/bin/cov-build && \
+    rm /opt/coverity_tool.tgz
+
+RUN cd /opt && \
+    git clone https://github.com/SonarOpenCommunity/sonar-cxx.git && \
+    chmod +x /opt/sonar-cxx/cxx-sensors/src/tools/vera++Report2checkstyleReport.perl && \
+    ln -s /opt/sonar-cxx/cxx-sensors/src/tools/vera++Report2checkstyleReport.perl /usr/local/bin/vera++Report2checkstyleReport.perl
+
+ENV version_sonarscanner 6.2.1.4610
+RUN cd /opt && \
+    wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${version_sonarscanner}-linux-x64.zip && \
+    unzip sonar-scanner-cli-${version_sonarscanner}-linux-x64.zip && \
+    ln -s /opt/sonar-scanner-${version_sonarscanner}-linux-x64/bin/sonar-scanner /usr/local/bin/sonar-scanner && \
+    rm /opt/sonar-scanner-cli-${version_sonarscanner}-linux-x64.zip
+
+USER gitlab
diff --git a/dockerfile-base b/dockerfile-base
new file mode 100644
index 0000000000000000000000000000000000000000..31a92cc070f7a37684507ec8b5c8ad28df0c7f94
--- /dev/null
+++ b/dockerfile-base
@@ -0,0 +1,44 @@
+FROM ubuntu:24.04
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get -y update
+
+RUN apt-get -y upgrade --no-install-recommends \
+    # linux base packages
+    adduser bash bzip2 ca-certificates cpio curl git jq sudo unzip vim wget \
+    # dev tools
+    clang clang-format clang-tidy cppcheck doxygen gcovr lcov pkg-config valgrind \
+    # C/Fortran compiling tools
+    build-essential cmake cmake-data cmake-curses-gui gfortran \
+    # Python tools
+    python-is-python3 python3-pip python3-setuptools
+
+RUN apt-get autoremove -y
+RUN apt-get autoclean -y
+RUN apt-get purge -y
+
+RUN pip install --break-system-packages lcov_cobertura scan-build
+
+# Install git-archive-all to get submodules when using git archive
+RUN cd /opt && \
+    git clone https://github.com/Kentzo/git-archive-all.git && \
+    cp /opt/git-archive-all/git_archive_all.py /opt/git-archive-all/git-archive-all && \
+    chmod +x /opt/git-archive-all/git-archive-all && \
+    ln -s /opt/git-archive-all/git-archive-all /usr/local/bin/git-archive-all
+
+# Create gitlab user
+RUN groupadd -f -g 1001 gitlab && \
+    useradd -u 1001 -g gitlab -ms /bin/bash gitlab && \
+    echo "gitlab:gitlab" | chpasswd && adduser gitlab sudo
+
+RUN usermod -aG sudo gitlab
+RUN chown -R gitlab:gitlab /home/gitlab/
+
+USER gitlab
+
+# change the default shell to be bash
+SHELL ["/bin/bash", "-c"]
+
+# default working directory is
+WORKDIR /home/gitlab