diff --git a/devops/gc/deploy/templates/deployment.yaml b/devops/gc/deploy/templates/deployment.yaml
index 19099e3c38b789a3e5e17ff2792097c67ca3deb6..54d5c2a757d4b79d356db7431bfe4cd2691aa18d 100644
--- a/devops/gc/deploy/templates/deployment.yaml
+++ b/devops/gc/deploy/templates/deployment.yaml
@@ -43,7 +43,7 @@ spec:
                 key: REDIS_PASSWORD
           securityContext:
             allowPrivilegeEscalation: false
-            runAsUser: 0
+            runAsNonRoot: true
           ports:
             - containerPort: 8080
           resources:
diff --git a/provider/search-gc/cloudbuild/Dockerfile.cloudbuild b/provider/search-gc/cloudbuild/Dockerfile.cloudbuild
index fdd49b81681dcff310a815e684a66d592940851b..7de1fc9e4a27a9c2827865eb0fbd2f0c3b06a9ab 100644
--- a/provider/search-gc/cloudbuild/Dockerfile.cloudbuild
+++ b/provider/search-gc/cloudbuild/Dockerfile.cloudbuild
@@ -6,5 +6,10 @@ ARG PORT
 ENV PORT $PORT
 # Copy the jar to the production image from the builder stage.
 COPY provider/search-${PROVIDER_NAME}/target/search-${PROVIDER_NAME}-*-spring-boot.jar search-${PROVIDER_NAME}.jar
+# Add a non-root user
+RUN groupadd -g 10001 -r nonroot \
+  && useradd -g 10001 -r -u 10001 nonroot
+# Run as non-root user
+USER 10001:10001
 # Run the web service on container startup.
 CMD java -Djava.security.egd=file:/dev/./urandom -Dserver.port=${PORT} -Dlog4j.formatMsgNoLookups=true -jar /app/search-${PROVIDER_NAME}.jar