diff --git a/CHANGELOG.md b/CHANGELOG.md index 23d1fa4..0b94823 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Ignore CVE-2023-3978 & CVE-2023-29401. +- Fix security issues reported by kyverno policies. ## [0.1.0] - 2023-05-09 diff --git a/helm/cluster-api-cleaner-vsphere/values.yaml b/helm/cluster-api-cleaner-vsphere/values.yaml index 89c1209..3c88fe2 100644 --- a/helm/cluster-api-cleaner-vsphere/values.yaml +++ b/helm/cluster-api-cleaner-vsphere/values.yaml @@ -17,10 +17,15 @@ pod: # Add seccomp to pod security context podSecurityContext: + runAsNonRoot: true seccompProfile: type: RuntimeDefault # Add seccomp to container security context securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL seccompProfile: type: RuntimeDefault
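Review bot: The new CHANGELOG.md entry under "### Changed" does not say what changed, so a reader upgrading the chart cannot tell from "Fix security issues reported by kyverno policies." that the default security contexts are now stricter. Suggest naming the settings, for example that the pod now sets runAsNonRoot and the container sets allowPrivilegeEscalation: false and drops all capabilities. "Kyverno" should also be capitalized.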
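Review bot: In helm/cluster-api-cleaner-vsphere/values.yaml, `runAsNonRoot: true` is added to podSecurityContext but the visible lines set no `runAsUser`. If the image's default user is root or is given by name rather than numeric UID, the kubelet will refuse to start the container. Please confirm that the deployment template sets a numeric non-root UID (for instance from the `pod:` values above this hunk) or add `runAsUser` here. With `capabilities.drop: [ALL]` and `allowPrivilegeEscalation: false` in securityContext, it is also worth confirming the binary needs no capabilities at runtime. The two comments "# Add seccomp to pod security context" and "# Add seccomp to container security context" are now out of date, since both blocks carry more than the seccomp profile.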