diff --git a/.cirrus.yml b/.cirrus.yml
index 9e4d40d3b6..4c0909a807 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -404,7 +404,7 @@ docker_build_template: &DOCKER_BUILD_TEMPLATE
   set_image_tag_script: echo "IMAGE_TAG=zeek/zeek-multiarch:${CIRRUS_ARCH}" >> $CIRRUS_ENV
 
   env:
-    ZEEK_CONFIGURE_FLAGS: --ccache --generator=Ninja --build-type=Release --disable-btest-pcaps
+    ZEEK_CONFIGURE_FLAGS: --ccache --generator=Ninja --build-type=Release --disable-btest-pcaps --disable-cpp-tests --disable-broker-tests
     CIRRUS_LOG_TIMESTAMP: true
     BUILDER_IMAGE_CACHE_DIR: /tmp/builder-image-cache
     ZEEK_IMAGE_CACHE_DIR: /tmp/zeek-image-cache-${CIRRUS_ARCH}
@@ -441,6 +441,9 @@ docker_build_template: &DOCKER_BUILD_TEMPLATE
   build_final_script:
     - cd docker && docker build --cache-from ${IMAGE_TAG} -t ${IMAGE_TAG} -f final.Dockerfile .
     - docker save ${IMAGE_TAG} | zstd > ${ZEEK_IMAGE_CACHE_DIR}/final.zst
+  test_script:
+    - docker tag ${IMAGE_TAG} zeek:latest
+    - make -C docker/btest
 
 arm64_container_image_docker_builder:
   env:
diff --git a/CHANGES b/CHANGES
index aa3d03b5d9..6f169906fb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,16 @@
+5.2.0-dev.609 | 2023-02-01 20:55:45 +0100
+
+  * docker: Extend tests to run a very basic Zeek script (Arne Welzel, Corelight)
+
+    Mostly because a `-v` shortcuts quite, while a zeek -e 'print zeek_version()'
+    will also parse all base scripts, etc.
+
+  * cirrus: No broker-tests and no cpp-tests for images (Arne Welzel, Corelight)
+
+  * docker: Update Makefile/README to align with the Cirrus CI setup (Arne Welzel, Corelight)
+
+  * cirrus: Add back testing of container images (Arne Welzel, Corelight)
+
 5.2.0-dev.604 | 2023-02-01 10:48:03 -0700
 
   * Restore/rename field in SMB2::Fscontrol record type (Tim Wojtulewicz, Corelight)
diff --git a/VERSION b/VERSION
index 161d9869bc..51813660f0 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-5.2.0-dev.604
+5.2.0-dev.609
diff --git a/docker/Dockerfile b/docker/Dockerfile
deleted file mode 100644
index 8d8673f097..0000000000
--- a/docker/Dockerfile
+++ /dev/null
@@ -1,63 +0,0 @@
-# See the file "COPYING" in the main distribution directory for copyright.
-
-# Layer to build Zeek.
-FROM debian:bullseye-slim AS build
-
-# Configure system for build.
-RUN apt-get -q update \
- && apt-get install -q -y --no-install-recommends \
-     bind9 \
-     bison \
-     cmake \
-     flex \
-     g++ \
-     gcc \
-     libfl2 \
-     libfl-dev \
-     libmaxminddb-dev \
-     libpcap-dev \
-     libssl-dev \
-     libz-dev \
-     make \
-     python3-minimal \
-     python3.9-dev \
-     swig \
-     ninja-build \
-     python3-pip \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-# Copy over the Zeek source tree.
-# NOTE: This assumes that we build in the context of the parent directory (the
-# Git checkout root). We e.g., ensure that in the `Makefile` in this directory.
-COPY . /src/zeek
-RUN make -C /src/zeek distclean
-
-ARG CONFFLAGS="--generator=Ninja --build-type=Release"
-
-WORKDIR /src/zeek
-RUN ./configure $CONFFLAGS && ninja -C build install
-
-# Final layer containing all artifacts.
-FROM debian:bullseye-slim AS final
-
-RUN apt-get -q update \
- && apt-get install -q -y --no-install-recommends \
-     ca-certificates \
-     git \
-     libmaxminddb0 \
-     libpython3.9 \
-     libpcap0.8 \
-     libssl1.1 \
-     libz1 \
-     python3-minimal \
-     python3-git \
-     python3-semantic-version \
-     python3-websocket \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-# Copy over Zeek installation.
-COPY --from=build /usr/local/zeek /usr/local/zeek
-ENV PATH "/usr/local/zeek/bin:${PATH}"
-ENV PYTHONPATH "/usr/local/zeek/lib/zeek/python:${PYTHONPATH}"
diff --git a/docker/Makefile b/docker/Makefile
index 696afc690d..9fdd002b5b 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -1,12 +1,30 @@
 # See the file "COPYING" in the main distribution directory for copyright.
 
-VERSION := $$(cat ../VERSION)
+VERSION := $(shell cat ../VERSION)
+DOCKER ?= docker
+BUILD_IMAGE := zeek-builder:$(VERSION)
+BUILD_CONTAINER := zeek-builder-container-$(VERSION)
+ZEEK_IMAGE ?= zeek:$(VERSION)"
+BUILD_DIR ?= build-docker
+ZEEK_CONFIGURE_FLAGS ?= \
+	--build-dir=$(BUILD_DIR) \
+	--generator=Ninja \
+	--build-type=Release \
+	--disable-btest-pcaps \
+	--disable-broker-tests \
+	--disable-cpp-tests
 
 .PHONY: all
 
 all:
-	@docker build -t zeek:$(VERSION) -f Dockerfile ..
-	@docker tag zeek:$(VERSION) zeek:latest
+	-docker rm $(BUILD_CONTAINER)
+	docker build -t $(BUILD_IMAGE) -f builder.Dockerfile .
+	docker run --name $(BUILD_CONTAINER) \
+		-v $(CURDIR)/../:/src/zeek -w /src/zeek \
+		$(BUILD_IMAGE) bash -xeu -c "./configure $(ZEEK_CONFIGURE_FLAGS) && ninja -C $(BUILD_DIR) install"
+	docker commit $(BUILD_CONTAINER) zeek-build
+	docker build -t $(ZEEK_IMAGE) -f final.Dockerfile .
+	docker tag $(ZEEK_IMAGE) zeek:latest
 
 test:
 	@TEST_TAG=zeek:$(VERSION) $(MAKE) -C btest
diff --git a/docker/README b/docker/README
index 8d3280f161..ae0011d747 100644
--- a/docker/README
+++ b/docker/README
@@ -1,19 +1,28 @@
 Container image for Zeek
 ========================
 
-This directory contains a minimal container image for Zeek. This image is
-published automatically to [DockerHub](https://hub.docker.com/u/zeekurity) for
+This directory allows building a minimal container image for Zeek. This image is
+published automatically to [DockerHub](https://hub.docker.com/u/zeek) for
 releases and for commits on the `master` branch.
 
 - Images for release are published as
-  [`zeekurity/zeek`](https://hub.docker.com/r/zeekurity/zeek) with the `latest`
+  [`zeek/zeek`](https://hub.docker.com/r/zeek/zeek) with the `latest`
   tag pointing to the latest release.
 - Development images for the `master` branch are published as
-  [`zeekurity/zeek-dev`](https://hub.docker.com/r/zeekurity/zeek-dev).
+  [`zeek/zeek-dev`](https://hub.docker.com/r/zeek/zeek-dev).
 
+These images are also pushed to Amazon ECR Public Gallery under
+the [Zeek Project](https://gallery.ecr.aws/zeek).
 
 To run the image execute e.g.,:
 
-    docker run -it zeekurity/zeek
+    docker run -it zeek/zeek
 
 To build the image execute `make` from this directory.
+
+CI
+--
+
+Note, the image build process on Cirrus CI is not using the Makefile,
+but instead open-codes the invocation due to leveraging Cirrus CI caching
+and ccache heavily.
diff --git a/docker/btest/Baseline/docker.structure_tests/output b/docker/btest/Baseline/docker.structure_tests/output
index 0c8a07377a..9caa011cea 100644
--- a/docker/btest/Baseline/docker.structure_tests/output
+++ b/docker/btest/Baseline/docker.structure_tests/output
@@ -1,5 +1,6 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 zeek version xxx
+zeek version xxx
 XXX
 [sources]
 zeek = https://github.com/zeek/packages
diff --git a/docker/btest/docker/structure_tests.sh b/docker/btest/docker/structure_tests.sh
index 17a54aa86d..0a890a3488 100644
--- a/docker/btest/docker/structure_tests.sh
+++ b/docker/btest/docker/structure_tests.sh
@@ -7,6 +7,9 @@ TEST_TAG=${TEST_TAG:-zeek:latest}
 # Check that `zeek` can be run.
 docker run --rm "${TEST_TAG}" zeek -v | sed 's/\(zeek version\) .*/\1 xxx/'
 
+# ...and load and execute some basic scripts, too.
+docker run --rm "${TEST_TAG}" zeek -e 'print fmt("zeek version %s", zeek_version())' | sed 's/\(zeek version\) .*/\1 xxx/'
+
 # Check that this is a release build.
 docker run --rm "${TEST_TAG}" zeek-config --build_type | grep -q 'release'