diff --git a/tasks/git-clone-checkout/task.yaml b/tasks/git-clone-checkout/task.yaml
index 5b40973..cee7620 100644
--- a/tasks/git-clone-checkout/task.yaml
+++ b/tasks/git-clone-checkout/task.yaml
@@ -103,7 +103,12 @@ spec:
         value: $(workspaces.ssl-ca-directory.path)
       securityContext:
         runAsNonRoot: true
-        runAsUser: 65532
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - ALL
+        seccompProfile:
+          type: RuntimeDefault
       script: |
         #!/usr/bin/env sh
         set -eu