diff --git a/tasks/git-clone-checkout/task.yaml b/tasks/git-clone-checkout/task.yaml
index 54532b1..fc3d070 100644
--- a/tasks/git-clone-checkout/task.yaml
+++ b/tasks/git-clone-checkout/task.yaml
@@ -58,6 +58,8 @@ spec:
 type: string
 default: "/home/git"
+
+
 steps:
 - name: clone-checkout
 image: $(params.gitInitImage)
@@ -66,6 +68,16 @@ spec:
 #!/usr/bin/env sh
 set -eu
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ runAsUser: 65532
+ runAsGroup: 65532
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault