diff --git a/Security_Containers/crowdsec/compose.yaml b/Security_Containers/crowdsec/compose.yaml
index bdd5c8b..1951199 100644
--- a/Security_Containers/crowdsec/compose.yaml
+++ b/Security_Containers/crowdsec/compose.yaml
@@ -1,37 +1,54 @@ services: crowdsec: - image: crowdsecurity/crowdsec:latest + image: crowdsecurity/crowdsec:v1.6.8 container_name: crowdsec + security_opt: + - no-new-privileges:true environment: - GID: "${GID-1000}" + GID: "${GID}" COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik" volumes: - - ./acquis.yaml:/etc/crowdsec/acquis.yaml + - ./acquis.yaml:/etc/crowdsec/acquis.yaml:ro + - /srv/docker/crowdsec/crowdsec-config:/etc/crowdsec/:ro + - /srv/docker/crowdsec/crowdsec-config/online_api_credentials.yaml:/etc/crowdsec/online_api_credentials.yaml:rw + - /srv/docker/crowdsec/crowdsec-config/local_api_credentials.yaml:/etc/crowdsec/local_api_credentials.yaml:rw - /srv/docker/crowdsec/crowdsec-db:/var/lib/crowdsec/data/ - - /srv/docker/crowdsec/crowdsec-config:/etc/crowdsec/ - traefik_traefik-logs:/var/log/traefik/:ro labels: - "traefik.enable=false" networks: - traefik_network restart: unless-stopped + healthcheck: + test: ["CMD", "cscli", "version"] + interval: 10s + timeout: 5s + retries: 3 bouncer-traefik: - image: docker.io/fbonalair/traefik-crowdsec-bouncer:latest + image: ghcr.io/crowdsecurity/traefik-bouncer:latest container_name: bouncer-traefik + security_opt: + - no-new-privileges:true environment: CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_BOUNCER_API_KEY} CROWDSEC_AGENT_HOST: crowdsec:8080 networks: - - traefik_network # same network as traefik + crowdsec + - traefik_network depends_on: - - crowdsec + crowdsec: + condition: service_healthy restart: unless-stopped + healthcheck: + test: ["CMD", "wget", "--spider", "-q", "http://localhost:8080/api/v1/ping"] + interval: 10s + timeout: 5s + retries: 3 networks: traefik_network: external: true volumes: - traefik_traefik-logs: # this will be the name of the volume from traefik logs - external: true # remove if traefik is running on same stack \ No newline at end of file + traefik_traefik-logs: + external: true \ No newline at end of file
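Review bot: The replacement image on the `bouncer-traefik` service is still pulled as `:latest`, so the pinning this change applies to crowdsec (`v1.6.8`) does not cover the component that enforces decisions; pin it to a release tag, ideally with a digest, e.g. `image: ghcr.io/crowdsecurity/traefik-bouncer:<VERSION>@sha256:<DIGEST>` (placeholders). The new crowdsec healthcheck runs `cscli version`, which only shows that the binary starts, so `condition: service_healthy` does not establish that the Local API the bouncer depends on is answering; `test: ["CMD", "cscli", "lapi", "status"]` would gate on that. Dropping the default from `GID` means an unset variable is interpolated as an empty string; `GID: "${GID:?GID must be set}"` makes Compose fail instead. It is also worth confirming that the read-only `/etc/crowdsec/` mount still lets the container install the `COLLECTIONS` listed above at start-up, since hub content is normally written under that directory.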