diff --git a/Dockerfile b/Dockerfile
index 78eefa18..d7f54977 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,6 +11,7 @@ ENV TOOLS_JSON=/root/tools.json
 
 COPY tools.json ${TOOLS_JSON}
 COPY tools.php /usr/local/bin/tools.php
+COPY install-composer.sh /usr/local/bin/install-composer.sh
 
 RUN apt-get update && apt-get install -y --no-install-recommends $TOOL_DEPS $BUILD_DEPS $LIB_DEPS && rm -rf /var/lib/apt/lists/* \
  && git clone https://github.com/nikic/php-ast.git && cd php-ast && phpize && ./configure && make && make install && cd .. && rm -rf php-ast && docker-php-ext-enable ast \
diff --git a/Dockerfile-alpine b/Dockerfile-alpine
index d26b7f0e..030bcebe 100644
--- a/Dockerfile-alpine
+++ b/Dockerfile-alpine
@@ -11,6 +11,7 @@ ENV TOOLS_JSON=/root/tools.json
 
 COPY tools.json ${TOOLS_JSON}
 COPY tools.php /usr/local/bin/tools.php
+COPY install-composer.sh /usr/local/bin/install-composer.sh
 
 RUN apk add --no-cache --virtual .tool-deps $TOOL_DEPS $LIB_DEPS \
  && apk add --no-cache --virtual .build-deps $BUILD_DEPS \
diff --git a/install-composer.sh b/install-composer.sh
new file mode 100755
index 00000000..809c1630
--- /dev/null
+++ b/install-composer.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+EXPECTED_SIGNATURE=$(curl -Ls https://composer.github.io/installer.sig)
+php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', 'composer-setup.php');")
+
+if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
+then
+    >&2 echo 'ERROR: Invalid installer signature'
+    rm composer-setup.php
+    exit 1
+fi
+
+php composer-setup.php --quiet --install-dir=/usr/local/bin --filename=composer
+RESULT=$?
+rm composer-setup.php
+exit $RESULT
+
diff --git a/tools.php b/tools.php
index cc65fca6..715bd2fc 100644
--- a/tools.php
+++ b/tools.php
@@ -478,7 +478,7 @@ function LoadTools(string $source): PleaseTry
                 'composer',
                 'Dependency Manager for PHP',
                 'https://getcomposer.org/',
-                new ShCommand('curl -Ls https://getcomposer.org/composer.phar > /usr/local/bin/composer && chmod +x /usr/local/bin/composer'),
+                new ShCommand('/usr/local/bin/install-composer.sh'),
                 new TestCommand('composer list', 'composer')
             ),
             new Tool(