diff --git a/argocd/apps/prometheus/prometheus.yaml b/argocd/apps/prometheus/prometheus.yaml
index f6a4bcd..a665006 100644
--- a/argocd/apps/prometheus/prometheus.yaml
+++ b/argocd/apps/prometheus/prometheus.yaml
@@ -61,6 +61,22 @@ spec:
           enabled: true
           service:
             type: ClusterIP
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 65534
+            runAsGroup: 65534
+            fsGroup: 65534
+            seccompProfile:
+              type: RuntimeDefault
+          containerSecurityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 65534
+            runAsGroup: 65534
+            capabilities:
+              drop:
+                - ALL
   
   destination:
     server: https://kubernetes.default.svc