From ab1659d34fa08756eaa5b70871b862eee3f6cf10 Mon Sep 17 00:00:00 2001
From: BAK BYEONG JUN <richard.bak@loafle.com>
Date: Tue, 8 Apr 2025 18:45:47 +0000
Subject: [PATCH] init

---
 tasks/git-clone-checkout/task.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tasks/git-clone-checkout/task.yaml b/tasks/git-clone-checkout/task.yaml
index 54532b1..fc3d070 100644
--- a/tasks/git-clone-checkout/task.yaml
+++ b/tasks/git-clone-checkout/task.yaml
@@ -58,6 +58,8 @@ spec:
       type: string
       default: "/home/git"
 
+
+
   steps:
     - name: clone-checkout
       image: $(params.gitInitImage)
@@ -66,6 +68,16 @@ spec:
         #!/usr/bin/env sh
         set -eu
 
+      securityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+          - "ALL"
+        runAsUser: 65532
+        runAsGroup: 65532
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault