diff --git a/devops/gc/deploy/templates/deploy-bootstrap.yaml b/devops/gc/deploy/templates/deploy-bootstrap.yaml
index d73892e207baf7ae06c03664ff08ec0eee4ede0c..28fa160e0ac657de2f196505ddad1063ba841f67 100644
--- a/devops/gc/deploy/templates/deploy-bootstrap.yaml
+++ b/devops/gc/deploy/templates/deploy-bootstrap.yaml
@@ -32,5 +32,8 @@ spec:
           envFrom:
             - configMapRef:
                 name: {{ printf "%s-bootstrap" .Values.conf.configmap | quote }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
       restartPolicy: Always
       serviceAccountName: {{ printf "%s-bootstrap" .Values.data.serviceAccountName | quote }}
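Review bot: `runAsNonRoot: true` on its own makes the pod depend on the image declaring a numeric non-root USER; the kubelet refuses to start the container when the image user is root or a non-numeric name. The bootstrap Dockerfile in this commit sets `USER 10001:10001`, so it works today, but pinning the identity in the manifest keeps the guarantee if the image changes: add `runAsUser: 10001` and `runAsGroup: 10001` under the new `securityContext`. The same applies to the `securityContext` in deploy.yaml, where `runAsUser: 0` is replaced by `runAsNonRoot: true` only.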
diff --git a/devops/gc/deploy/templates/deploy.yaml b/devops/gc/deploy/templates/deploy.yaml
index 15becaf116bc14fa03cd09cbe1600c503ca5cdff..1e875546d39fca96b3b6e28bd49be24390b0e6f8 100644
--- a/devops/gc/deploy/templates/deploy.yaml
+++ b/devops/gc/deploy/templates/deploy.yaml
@@ -33,7 +33,7 @@ spec:
           {{- end }}
           securityContext:
             allowPrivilegeEscalation: false
-            runAsUser: 0
+            runAsNonRoot: true
           ports:
             - containerPort: 8080
           resources:
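Review bot: The container `securityContext` still keeps the runtime's default capability set and sets no seccomp profile, neither of which running as non-root removes. Next to `runAsNonRoot: true` I would add `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}`; the container listens on 8080, so it should not need `NET_BIND_SERVICE`. The block added in deploy-bootstrap.yaml can take the same two settings. The container spec continues outside this hunk, so confirm nothing further down already sets them.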
diff --git a/provider/partition-gc/bootstrap/Dockerfile b/provider/partition-gc/bootstrap/Dockerfile
index b270902de1dab8a194328b3e0bf7884b085e1f93..db30642df6c2ec6d2a7088d4cda9b0246ac4e97c 100644
--- a/provider/partition-gc/bootstrap/Dockerfile
+++ b/provider/partition-gc/bootstrap/Dockerfile
@@ -1,14 +1,13 @@
 FROM alpine
-
 WORKDIR /opt
-
 COPY ./provider/partition-gc/bootstrap/ /opt/
-
 ENV PREFIX=$(pwd)
-
 RUN apk update && apk add \
     bash \
     curl \
     && chmod 775 bootstrap_partition.sh
-
+RUN addgroup -g 10001 -S nonroot \
+  && adduser -h /opt -G nonroot -S -u 10001 nonroot
+RUN chown -R 10001:10001 /opt
+USER 10001:10001
 CMD ["/bin/bash", "-c", "./bootstrap_partition.sh && sleep 365d"]
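Review bot: `RUN chown -R 10001:10001 /opt` gives the runtime user ownership of `bootstrap_partition.sh`, so the process the container runs is able to rewrite the script it executes. The earlier `chmod 775` already grants read and execute to other users, so the script can run as UID 10001 while staying root-owned; I would drop the chown, or, if the script needs scratch space under /opt (not visible here), chown only a dedicated subdirectory. Separately, `FROM alpine` carries no tag or digest, so the image is built on whatever `latest` resolves to at build time; pinning a version would make the result reproducible.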
diff --git a/provider/partition-gc/cloudbuild/Dockerfile.cloudbuild b/provider/partition-gc/cloudbuild/Dockerfile.cloudbuild
index 53f6b70bfa787a824ba98005f0c174f7ea0706bc..dbc4eaacb03e2208dc8825f6109371e024051d4e 100644
--- a/provider/partition-gc/cloudbuild/Dockerfile.cloudbuild
+++ b/provider/partition-gc/cloudbuild/Dockerfile.cloudbuild
@@ -6,6 +6,10 @@ ARG PORT
 ENV PORT $PORT
 # Copy the jar to the production image from the builder stage.
 COPY provider/partition-${PROVIDER_NAME}/target/partition-${PROVIDER_NAME}-*-spring-boot.jar partition-${PROVIDER_NAME}.jar
+# Add a non-root user
+RUN groupadd -g 10001 -r nonroot \
+  && useradd -g 10001 -r -u 10001 nonroot
+# Run as non-root user
+USER 10001:10001
 # Run the web service on container startup.
 CMD java -Djava.security.egd=file:/dev/./urandom -Dserver.port=${PORT} -Dlog4j.formatMsgNoLookups=true -jar /app/partition-${PROVIDER_NAME}.jar
-
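Review bot: With `USER 10001:10001` the java process can by default no longer bind a port below 1024, and `PORT` comes from a build argument whose value is not visible in this hunk. deploy.yaml exposes 8080, so the current deployment is presumably fine, but a comment above the `USER` line would record the constraint: `# PORT must be >= 1024; UID 10001 cannot bind privileged ports`. The `RUN groupadd`/`useradd` step also assumes the base image ships the shadow utilities; the `FROM` line is outside the hunk, so confirm that against the base image.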