diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 48ac28cc..cf3fd289 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -3,12 +3,13 @@ FROM quay.io/fedora/fedora:37
 ARG POETRY_VERSION=1.7.1
 RUN dnf -y update && \
- yum -y reinstall shadow-utils && \
- yum install -y git \
+ dnf -y reinstall shadow-utils && \
+ dnf install -y git \
 python3 \
 python3-pip \
 python3-devel \
 gcc-c++ && \
+ dnf clean all && \
 rm -rf /var/cache /var/log/dnf* /var/log/yum.*
 RUN useradd -u 1000 complyscribe
diff --git a/Dockerfile b/Dockerfile
index ba9f4a8e..0f3dca3e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -67,5 +67,7 @@ COPY ./actions/sync-upstreams/sync-upstreams-entrypoint.sh /
 RUN chmod +x /auto-sync-entrypoint.sh /rules-transform-entrypoint.sh /create-cd-entrypoint.sh /sync-upstreams-entrypoint.sh
+USER 1001
+
 ENTRYPOINT ["python3.9", "-m" , "complyscribe"]
 CMD ["--help"]
diff --git a/tests/e2e/play-kube.yml b/tests/e2e/play-kube.yml
index 8b3c370c..afa4b816 100644
--- a/tests/e2e/play-kube.yml
+++ b/tests/e2e/play-kube.yml
@@ -6,11 +6,15 @@ metadata:
 labels:
 app: complyscribe-e2e
 spec:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1001
 containers:
 - name: mock-server-container
 image: localhost/mock-server:latest
 securityContext:
 allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
 capabilities:
 drop:
 - ALL
@@ -18,3 +22,9 @@ spec:
 - NET_BIND_SERVICE
 ports:
 - containerPort: 8080
+ volumeMounts:
+ - name: tmp
+ mountPath: /home/wiremock
+ volumes:
+ - name: tmp
+ emptyDir: {}
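Review bot: The base image shown as hunk context is still `quay.io/fedora/fedora:37`, so the `dnf -y update` on the first RUN line only delivers security fixes while Fedora 37 is maintained; Fedora 37 reached end of life in December 2023, and if this commit postdates that the update step is a no-op for security purposes and the FROM line (outside this hunk) is the line that needs changing, e.g. `FROM quay.io/fedora/fedora:39`. The yum-to-dnf cleanup itself is fine and `dnf clean all` is the right way to drop the metadata before the `rm -rf`. Note also that this devcontainer keeps `useradd -u 1000 complyscribe` while the main Dockerfile in the same commit switches to `USER 1001`; if the two images are expected to share bind-mounted or cached files, the UIDs should agree or the mismatch should be documented with a comment such as `# devcontainer runs as 1000 to match the host user; the runtime image uses 1001`.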
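Review bot: `USER 1001` is a bare numeric UID and nothing in this hunk creates a matching account; if the part of the Dockerfile above the hunk has no `useradd` for 1001 (not visible here), the process runs with no passwd entry and no HOME, which makes tools that look up the current user fail — git in particular, which the sync and auto-sync entrypoints presumably drive, refuses to commit without a resolvable identity, and `os.path.expanduser` returns an unusable path. Add `RUN useradd -u 1001 -m complyscribe` before the `USER` line, or at minimum `ENV HOME=/tmp`, so the UID has a writable home. The numeric form of `USER` is the right choice here, since the Kubernetes `runAsNonRoot` check in the e2e manifest can only be verified against a numeric UID.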
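Review bot: The pod-level `securityContext` added at the top of the hunk sets `runAsNonRoot` and `runAsUser` but no seccomp profile, so the pod still falls short of the Kubernetes restricted Pod Security Standard, which also requires `seccompProfile` of type `RuntimeDefault` or `Localhost`; add `seccompProfile:` / `  type: RuntimeDefault` under `spec.securityContext`. `readOnlyRootFilesystem: true` is only as strong as the set of paths the image actually needs writable, and `localhost/mock-server:latest` is not visible here, so confirm it starts with nothing writable beyond what the next hunk mounts. The `latest` tag also makes the e2e run non-reproducible; if the image is built in CI, reference the built tag or digest instead.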
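Review bot: Only `/home/wiremock` receives a writable emptyDir, while `readOnlyRootFilesystem: true` from the previous hunk leaves `/tmp` read-only; if the mock server is the JVM-based WireMock that the mount path suggests, it writes to `java.io.tmpdir` at startup and will fail, so a second emptyDir for `/tmp` is needed as shown below. The volume is named `tmp` but mounted at `/home/wiremock`, which misleads the reader — `wiremock-home` says what it is. Separately, the container still adds `NET_BIND_SERVICE` (context line at the top of the hunk, presumably under `add:`) although it listens on `containerPort: 8080`, and with `runAsNonRoot` an added capability is not in the effective set of a non-root process anyway, so that `add:` entry can be dropped.
```yaml
    volumeMounts:
    - name: wiremock-home
      mountPath: /home/wiremock
    - name: scratch
      mountPath: /tmp
  volumes:
  - name: wiremock-home
    emptyDir: {}
  - name: scratch
    emptyDir: {}
```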