diff --git a/installation/kubernetes/helm/vmclarity/README.md b/installation/kubernetes/helm/vmclarity/README.md
index 11700ebe6..fbd82ca3a 100644
--- a/installation/kubernetes/helm/vmclarity/README.md
+++ b/installation/kubernetes/helm/vmclarity/README.md
@@ -304,7 +304,7 @@ secrets.
 | ui.image.registry | string | `"ghcr.io"` | UI image registry |
 | ui.image.repository | string | `"openclarity/vmclarity-ui"` | UI image repository |
 | ui.image.tag | string | `"latest"` | UI image tag |
-| ui.podSecurityContext.enabled | bool | `false` | Pod security context enabled |
+| ui.podSecurityContext.enabled | bool | `true` | Pod security context enabled |
 | ui.podSecurityContext.fsGroup | int | `101` | Pod security context fsGroup |
 | ui.replicas | int | `1` | Number of replicas for the UI service |
 | ui.resources.limits | object | `{}` | The resources limits for the UI containers |
diff --git a/installation/kubernetes/helm/vmclarity/templates/ui/deployment.yaml b/installation/kubernetes/helm/vmclarity/templates/ui/deployment.yaml
index 584469e0f..4f91c0a8b 100644
--- a/installation/kubernetes/helm/vmclarity/templates/ui/deployment.yaml
+++ b/installation/kubernetes/helm/vmclarity/templates/ui/deployment.yaml
@@ -38,9 +38,13 @@ spec:
               name: tmpfs-1
             - mountPath: /var/cache/nginx
               name: tmpfs-2
+            - mountPath: /tmp
+              name: tmpfs-3
       volumes:
         - name: tmpfs-1
           emptyDir: {}
         - name: tmpfs-2
           emptyDir: {}
+        - name: tmpfs-3
+          emptyDir: {}
       serviceAccountName: {{ include "vmclarity.ui.serviceAccountName" . }}
diff --git a/installation/kubernetes/helm/vmclarity/values.yaml b/installation/kubernetes/helm/vmclarity/values.yaml
index e5491f134..f14ad3b90 100644
--- a/installation/kubernetes/helm/vmclarity/values.yaml
+++ b/installation/kubernetes/helm/vmclarity/values.yaml
@@ -259,7 +259,7 @@ ui:
 
   podSecurityContext:
     # -- Pod security context enabled
-    enabled: false
+    enabled: true
     # -- Pod security context fsGroup
     fsGroup: 101
 
diff --git a/ui/Dockerfile b/ui/Dockerfile
index 8ea8200ab..993a4070a 100644
--- a/ui/Dockerfile
+++ b/ui/Dockerfile
@@ -20,7 +20,7 @@ RUN --mount=type=cache,target=/src/ui/node_modules \
 RUN --mount=type=cache,target=/src/ui/node_modules \
     npm run build --prefix /src/ui
 
-FROM nginx:1.27.0@sha256:6af79ae5de407283dcea8b00d5c37ace95441fd58a8b1d2aa1ed93f5511bb18c
+FROM nginxinc/nginx-unprivileged:1.27.0
 
 COPY --from=site-build ["/src/ui/build", "/usr/share/nginx/html"]