diff --git a/examples/trivy.go b/examples/trivy.go
index 55ce425..5afe2fd 100644
--- a/examples/trivy.go
+++ b/examples/trivy.go
@@ -72,7 +72,6 @@ func main() {
 	printArtifacts(artifacts)
 
 	// collect node info
-
 	ar, err := trivyk8s.ListArtifactAndNodeInfo(ctx)
 	if err != nil {
 		log.Fatal(err)
diff --git a/pkg/jobs/builder_test.go b/pkg/jobs/builder_test.go
index a53783c..7bae5f1 100644
--- a/pkg/jobs/builder_test.go
+++ b/pkg/jobs/builder_test.go
@@ -7,7 +7,9 @@ import (
 	"github.com/stretchr/testify/assert"
 	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/pointer"
 )
 
 func TestLoadBuilder(t *testing.T) {
@@ -28,9 +30,38 @@ func TestLoadBuilder(t *testing.T) {
 			Template: corev1.PodTemplateSpec{
 				ObjectMeta: v1.ObjectMeta{Labels: map[string]string{"app": "node-collector"}},
 				Spec: corev1.PodSpec{
+					DNSPolicy:                    corev1.DNSClusterFirst,
+					AutomountServiceAccountToken: pointer.Bool(true),
+					SecurityContext: &corev1.PodSecurityContext{
+						RunAsGroup: pointer.Int64(0),
+						RunAsUser:  pointer.Int64(0),
+						SeccompProfile: &corev1.SeccompProfile{
+							Type: corev1.SeccompProfileTypeRuntimeDefault,
+						},
+					},
 					HostPID: true,
 					Containers: []corev1.Container{
 						{
+							Resources: corev1.ResourceRequirements{
+								Limits: corev1.ResourceList{
+									corev1.ResourceCPU:    resource.MustParse("300m"),
+									corev1.ResourceMemory: resource.MustParse("300M"),
+								},
+								Requests: corev1.ResourceList{
+									corev1.ResourceCPU:    resource.MustParse("50m"),
+									corev1.ResourceMemory: resource.MustParse("50M"),
+								},
+							},
+							SecurityContext: &corev1.SecurityContext{
+								AllowPrivilegeEscalation: pointer.Bool(false),
+								Capabilities: &corev1.Capabilities{
+									Drop: []corev1.Capability{
+										"all",
+									},
+								},
+								Privileged:             pointer.Bool(false),
+								ReadOnlyRootFilesystem: pointer.Bool(true),
+							},
 							Name:    "node-collector",
 							Image:   "ghcr.io/aquasecurity/node-collector:0.0.5",
 							Command: []string{"node-collector"},
@@ -65,11 +96,6 @@ func TestLoadBuilder(t *testing.T) {
 									MountPath: "/lib/systemd/",
 									ReadOnly:  true,
 								},
-								{
-									Name:      "srv-kubernetes",
-									MountPath: "/srv/kubernetes/",
-									ReadOnly:  true,
-								},
 								{
 									Name:      "etc-kubernetes",
 									MountPath: "/etc/kubernetes",
@@ -93,7 +119,7 @@ func TestLoadBuilder(t *testing.T) {
 							},
 						},
 					},
-					RestartPolicy: "Never",
+					RestartPolicy: corev1.RestartPolicyNever,
 					Volumes: []corev1.Volume{
 						{
 							Name: "var-lib-etcd",
@@ -119,10 +145,6 @@ func TestLoadBuilder(t *testing.T) {
 							Name:         "lib-systemd",
 							VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/lib/systemd"}},
 						},
-						{
-							Name:         "srv-kubernetes",
-							VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/srv/kubernetes"}},
-						},
 						{
 							Name:         "etc-kubernetes",
 							VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/etc/kubernetes"}},
diff --git a/pkg/jobs/template/node-collector.yaml b/pkg/jobs/template/node-collector.yaml
index e36f51f..3601535 100644
--- a/pkg/jobs/template/node-collector.yaml
+++ b/pkg/jobs/template/node-collector.yaml
@@ -9,12 +9,28 @@ spec:
       labels:
         app: node-collector
     spec:
+      dnsPolicy: ClusterFirst
       hostPID: true
+      automountServiceAccountToken: true
       containers:
         - name: node-collector
           image: ghcr.io/aquasecurity/node-collector:0.0.5
           command:
             - node-collector
+          resources:
+            limits:
+              cpu: 300m
+              memory: 300M
+            requests:
+              cpu: 50m
+              memory: 50M
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - all
+            privileged: false
+            readOnlyRootFilesystem: true
           volumeMounts:
             - name: var-lib-etcd
               mountPath: /var/lib/etcd
@@ -34,9 +50,6 @@ spec:
             - name: lib-systemd
               mountPath: /lib/systemd/
               readOnly: true
-            - name: srv-kubernetes
-              mountPath: /srv/kubernetes/
-              readOnly: true
             - name: etc-kubernetes
               mountPath: /etc/kubernetes
               readOnly: true
@@ -50,6 +63,11 @@ spec:
               mountPath: /opt/cni/bin/
               readOnly: true
       restartPolicy: Never
+      securityContext:
+        runAsGroup: 0
+        runAsUser: 0
+        seccompProfile:
+          type: RuntimeDefault
       volumes:
         - name: var-lib-etcd
           hostPath:
@@ -69,9 +87,6 @@ spec:
         - name: lib-systemd
           hostPath:
             path: /lib/systemd
-        - name: srv-kubernetes
-          hostPath:
-            path: /srv/kubernetes
         - name: etc-kubernetes
           hostPath:
             path: /etc/kubernetes
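Review bot: The expected `Drop: []corev1.Capability{"all"}` in the container SecurityContext of the `@@ -28,9 +30,38 @@` hunk uses a lowercase capability name, whereas the Kubernetes API documents the catch-all as `ALL`; as far as I know the restricted Pod Security Standard check compares that string case-sensitively, and whether a given container runtime normalises case before dropping is runtime-dependent, so `all` may neither satisfy the PSS check nor be guaranteed to drop every capability. Since this test only pins what the template emits, the value to fix is the `- all` entry in the pkg/jobs/template/node-collector.yaml hunk (`@@ -9,12 +9,28 @@`), changing it to `- ALL`, with the expectation here updated in step to `Drop: []corev1.Capability{"ALL"},`. TestLoadBuilder's body starts and ends outside the hunk.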
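Review bot: `automountServiceAccountToken: true` is set explicitly in the node-collector.yaml `@@ -9,12 +9,28 @@` hunk on a pod that also runs with `hostPID: true`, as uid 0 (pod-level securityContext in the following hunk), and with host paths such as /var/lib/etcd mounted from hostPath volumes; if the collector only reads host files and never talks to the API server, the projected token is an unneeded credential sitting in a high-exposure pod and the field should read `automountServiceAccountToken: false`. I cannot tell from the diff whether the binary needs API access, so please confirm before flipping it. A second point: `readOnlyRootFilesystem: true` is added without any writable `emptyDir`, so if node-collector writes scratch output anywhere on its root filesystem the Job will now fail at runtime; mounting an `emptyDir` at its working directory would keep the hardening while avoiding that.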
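Review bot: The pod-level `securityContext` in the `@@ -50,6 +63,11 @@` hunk pins `runAsUser: 0` and `runAsGroup: 0` but the template says nothing about why root is required, which is the first question a cluster operator will ask of a hostPID pod with host mounts; a comment above the block would carry that, e.g. `# runs as root (presumably to read the host files mounted read-only from the hostPath volumes below - confirm); seccomp RuntimeDefault and the container-level capability drop bound what that root can do`. If a later node-collector release can read those paths as a non-root user, this is also the block to switch to `runAsNonRoot: true`. The `seccompProfile` addition itself is sound and matches the expectation added in pkg/jobs/builder_test.go.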