diff --git a/apps/k8s01/syncthing/syncthing.yaml b/apps/k8s01/syncthing/syncthing.yaml
index e56e0cead3a99271b1c66d2f4d434a63dd99b33d..ac8361ab5743ab66336d7a3b3393ed245c3d2a46 100644
--- a/apps/k8s01/syncthing/syncthing.yaml
+++ b/apps/k8s01/syncthing/syncthing.yaml
@@ -53,6 +53,17 @@ spec:
           httpGet:
             path: /rest/noauth/health 
             port: web
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        seccompProfile:
+          type: RuntimeDefault
   volumeClaimTemplates:
     - metadata:
         name: storage