diff --git a/config/registry_image_pruner/cronjob.yaml b/config/registry_image_pruner/cronjob.yaml
index c1ec828..d7b2c5b 100644
--- a/config/registry_image_pruner/cronjob.yaml
+++ b/config/registry_image_pruner/cronjob.yaml
@@ -2,8 +2,6 @@ apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: image-pruner-cronjob
-  annotations:
-    ignore-check.kube-linter.io/no-read-only-root-fs: 'image pruner writes to disk'
 spec:
   schedule: "0 0 * * *"
   concurrencyPolicy: Forbid
@@ -40,6 +38,8 @@ spec:
               requests:
                 cpu: 150m
                 memory: 128Mi
+            securityContext:
+              readOnlyRootFilesystem: true
           restartPolicy: OnFailure
           securityContext:
             runAsNonRoot: true