diff --git a/charts/shipyard/templates/deployment-shipyard.yaml b/charts/shipyard/templates/deployment-shipyard.yaml
index a8cb104c..ba50073f 100644
--- a/charts/shipyard/templates/deployment-shipyard.yaml
+++ b/charts/shipyard/templates/deployment-shipyard.yaml
@@ -40,6 +40,7 @@ spec:
 airflow-configmap-bin-hash: {{ tuple "configmap-airflow-bin.yaml" . | include "helm-toolkit.utils.hash" }}
 airflow-configmap-etc-hash: {{ tuple "configmap-airflow-etc.yaml" . | include "helm-toolkit.utils.hash" }}
 spec:
+{{ dict "envAll" $envAll "application" "shipyard" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
 serviceAccountName: {{ $serviceAccountName }}
 nodeSelector:
 {{ .Values.labels.shipyard.node_selector_key }}: {{ .Values.labels.shipyard.node_selector_value }}
@@ -57,6 +58,7 @@ spec:
 image: {{ .Values.images.tags.shipyard }}
 imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.shipyard_api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "shipyard" "container" "shipyard_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 ports:
 - containerPort: {{ tuple "shipyard" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 livenessProbe:
@@ -95,6 +97,7 @@ spec:
 image: {{ .Values.images.tags.airflow }}
 imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.airflow.web | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "shipyard" "container" "airflow_web" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 env:
 - name: AIRFLOW_CONN_AIRFLOWS_OWN_DB
 valueFrom:
diff --git a/charts/shipyard/values.yaml b/charts/shipyard/values.yaml
index 03c3670d..db655763 100644
--- a/charts/shipyard/values.yaml
+++ b/charts/shipyard/values.yaml
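Review bot: The pod-level securityContext rendered by the new `kubernetes_pod_security_context` line is fed only `runAsUser: 1000` by this commit's values change, with no `fsGroup`, so any mounted volume that is not world-writable becomes unwritable for the now non-root process; the volumes are not visible in this hunk, so confirm the airflow log/dag mounts are read-only or group-writable, and otherwise add `fsGroup: 1000` beside `runAsUser` in values.yaml. Adding `runAsNonRoot: true` there as well makes the kubelet reject an override that switches the uid back to 0 instead of silently running as root. The enclosing pod `spec:` continues outside the hunk.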
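Review bot: `readOnlyRootFilesystem: true` on the shipyard_api container (set in the values half of this commit) is only safe if every path the process writes at runtime is backed by a volume; this hunk shows no volumeMounts, so verify that `/tmp`, any uWSGI/gunicorn socket or pid path, and the log directory are served by an `emptyDir` or config mount, otherwise the container fails on its first write. For a network-facing API container the usual baseline also drops all capabilities, which would be a `capabilities: {drop: [ALL]}` entry under `shipyard_api` in the same values stanza. The container definition continues outside the hunk.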
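Review bot: The airflow_web container receives only `allowPrivilegeEscalation: false`, while its sibling shipyard_api also gets `readOnlyRootFilesystem: true`; if the web container genuinely needs a writable root (Airflow writes pid and log files under its home directory by default, though that is not shown here), record the reason in values.yaml with a comment such as `# airflow_web keeps a writable root fs until its log/pid paths are moved to a volume` rather than leaving the asymmetry unexplained. A `capabilities: {drop: [ALL]}` entry would tighten this container at no cost. The container definition continues outside the hunk.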
@@ -678,6 +678,16 @@ conf:
 #Shipyard is not using this
 # End of Airflow config options
 pod:
+ security_context:
+ shipyard:
+ pod:
+ runAsUser: 1000
+ container:
+ shipyard_api:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ airflow_web:
+ allowPrivilegeEscalation: false
 mounts:
 airflow_scheduler:
 # TODO: This is only used if the standalone scheduler is enabled.
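Review bot: The new `security_context.shipyard.pod` stanza sets `runAsUser: 1000` but not `runAsNonRoot: true`, so a downstream override that removes or changes the uid is not caught at admission; add `runAsNonRoot: true` directly under `pod:` next to `runAsUser`. Neither container entry drops Linux capabilities, and the two differ on `readOnlyRootFilesystem` without a comment explaining why `airflow_web` keeps a writable root; a `capabilities:` / `drop:` / `- ALL` block under each container, plus a one-line comment on the `airflow_web` entry, would make the intended baseline explicit. Whether uid 1000 matches the user and file ownership baked into the shipyard and airflow images is not visible here — confirm, since a mismatch breaks startup rather than failing safely.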