diff --git a/devops/gc/deploy/templates/deployment.yaml b/devops/gc/deploy/templates/deployment.yaml
index 087defddb7bb2395785d7e3a4989575795640c89..aa56b13c912ac72a043b93a9bfcbef9e4aa02823 100644
--- a/devops/gc/deploy/templates/deployment.yaml
+++ b/devops/gc/deploy/templates/deployment.yaml
@@ -51,7 +51,7 @@ spec:
         {{- end }}
         securityContext:
           allowPrivilegeEscalation: false
-          runAsUser: 0
+          runAsNonRoot: true
         ports:
         - containerPort: 8080
         resources:
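Review bot: `runAsNonRoot: true` on its own leaves the effective UID to whatever the image declares, so this container only starts when the deployed image carries a numeric, non-zero `USER`. An image built without the Dockerfile change in this commit, or one that names the user instead of numbering it, will be rejected by the kubelet at container creation. Pinning the identity in the manifest removes that dependency: add `runAsUser: 10001` and `runAsGroup: 10001` next to `runAsNonRoot: true`, matching the UID/GID created in Dockerfile.cloudbuild. Since this securityContext is being tightened anyway, dropping all Linux capabilities here would be a natural follow-up, assuming the service needs none to listen on 8080. The container spec this block belongs to starts above the hunk.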
diff --git a/provider/storage-gc/cloudbuild/Dockerfile.cloudbuild b/provider/storage-gc/cloudbuild/Dockerfile.cloudbuild
index ce75d649fbfab4c446db59575da278ccd63a308a..b00b361bf60ef217f0c0f74a01ad04e0d3715180 100644
--- a/provider/storage-gc/cloudbuild/Dockerfile.cloudbuild
+++ b/provider/storage-gc/cloudbuild/Dockerfile.cloudbuild
@@ -11,5 +11,11 @@ ENV PORT $PORT
 # Copy the jar to the production image from the builder stage.
 COPY provider/storage-${PROVIDER_NAME}/target/storage-${PROVIDER_NAME}-*-spring-boot.jar storage-${PROVIDER_NAME}.jar
 
+# Add a non-root user
+RUN groupadd -g 10001 -r nonroot \
+  && useradd -g 10001 -r -u 10001 nonroot
+# Run as non-root user
+USER 10001:10001
+
 # Run the web service on container startup.
 CMD java -Djava.security.egd=file:/dev/./urandom -Dserver.port=${PORT} -Dlog4j.formatMsgNoLookups=true -jar /app/storage-${PROVIDER_NAME}.jar
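Review bot: The `USER 10001:10001` line needs a comment saying that the numeric form is deliberate, because the deployment's `runAsNonRoot: true` check cannot verify a user name and a later cleanup to `USER nonroot` would stop the pod from starting. Suggested wording above the instruction: `# Keep USER numeric: Kubernetes runAsNonRoot cannot verify a named user; must match the UID the deployment expects.` The jar is copied before the switch and so stays root-owned and read-only to the runtime user, which is the desirable outcome. If the service writes anything under its working directory (not visible in this hunk), that path will need an explicit `chown` or a mounted volume. The base image and WORKDIR are set above the hunk, so whether `groupadd`/`useradd` are available there should be confirmed by a build.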