diff --git a/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml b/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
index d72900a95605c2ef9ca806c844dc60ec5d8536a3..7b781db234cc49b6d4924a4935bd9b20b80e2862 100644
--- a/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
+++ b/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
@@ -94,6 +94,11 @@ spec:
 mountPath: "/workspace/keystore/xta-keystore.p12"
 subPath: file
 readOnly: true
+ securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: false
 volumes:
 - name: bindings
 configMap:
diff --git a/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml b/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
index 0d9342a41870b9a8504facb042a5d7e8ef55b4f2..3e0ec759c0446fb34062e1934d8dc7bd775225e9 100644
--- a/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
+++ b/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
@@ -83,4 +83,20 @@ tests:
 asserts:
 - equal:
 path: spec.jobTemplate.spec.template.spec.containers[0].image
- value: "docker.ozg-sh.de/xta-adapter:9.9.99"
\ No newline at end of file
+ value: "docker.ozg-sh.de/xta-adapter:9.9.99"
+
+ - it: check securityContext
+ template: xta_adapter_cronjob.yaml
+ asserts:
+ - equal:
+ path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation
+ value: false
+ - equal:
+ path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.privileged
+ value: false
+ - equal:
+ path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+ value: false
+ - equal:
+ path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.runAsNonRoot
+ value: false
\ No newline at end of file
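Review bot: In the added `securityContext`, `readOnlyRootFilesystem: false` and `runAsNonRoot: false` are the permissive values, and `privileged: false` matches the Kubernetes default, so `allowPrivilegeEscalation: false` is the only line that actually restricts the container. This container mounts the XTA keystore, so least privilege matters here: if the image can run under a non-root UID, set `runAsNonRoot: true` and add `capabilities: {drop: ["ALL"]}`. `readOnlyRootFilesystem: true` would additionally need an `emptyDir` for whatever paths the adapter writes to, which cannot be judged from this hunk. If the two `false` values are deliberate, a short comment stating the reason would keep a later reader from treating the block as complete hardening. The container definition starts above the hunk.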
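Review bot: The four `equal` assertions in `check securityContext` test each field on its own, so a field later added to the container `securityContext` would not fail this test. A single `equal` on `spec.jobTemplate.spec.template.spec.containers[0].securityContext` with the whole map as `value` would pin the block as a unit. The new side also still ends with `\ No newline at end of file`; a trailing newline would stop that marker from reappearing in the next change to this file.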