diff --git a/woodpecker/woodpecker-agent.yml b/woodpecker/woodpecker-agent.yml
index 94dbe47..d081884 100644
--- a/woodpecker/woodpecker-agent.yml
+++ b/woodpecker/woodpecker-agent.yml
@@ -68,11 +68,12 @@ spec:
     spec:
       serviceAccountName: woodpecker-agent
       securityContext:
-        {}
+        runAsNonRoot: true
+        runAsUser: 1000
       containers:
         - name: agent
           securityContext:
-            {}
+            readOnlyRootFilesystem: false
           image: woodpeckerci/woodpecker-agent:next@sha256:703480d98991bb80ee86aa081a7a9db7d4346b9d5bdeaa3f92688d195cd36800
           ports:
             - name: http