diff --git a/Dockerfile b/Dockerfile
index 1e713afe29..4e4cf7f7f6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # The runatlantis/atlantis-base is created by docker-base/Dockerfile.
-FROM runatlantis/atlantis-base:latest
+FROM runatlantis/atlantis-base:v2.0
 LABEL authors="Anubhav Mishra, Luke Kysow"
 
 # install terraform binaries
diff --git a/helm/atlantis/templates/statefulset.yaml b/helm/atlantis/templates/statefulset.yaml
index f9cbe674bf..240c3de74c 100644
--- a/helm/atlantis/templates/statefulset.yaml
+++ b/helm/atlantis/templates/statefulset.yaml
@@ -23,7 +23,8 @@ spec:
         app: {{ template "atlantis.name" . }}
         release: {{ .Release.Name }}
     spec:
-      securityContext: {}
+      securityContext:
+        fsGroup: 1000
       volumes:
       {{- range $name, $_ := .Values.serviceAccountSecrets }}
       - name: {{ $name }}-volume
@@ -192,4 +193,4 @@ spec:
         requests:
           # The biggest thing Atlantis stores is the Git repo when it checks it out.
           # It deletes the repo after the pull request is merged.
-          storage: {{ .Values.atlantis_data_storage }}
\ No newline at end of file
+          storage: {{ .Values.atlantis_data_storage }}