diff --git a/.checkov.yaml b/.checkov.yaml
index 1c02b14..71b37f6 100644
--- a/.checkov.yaml
+++ b/.checkov.yaml
@@ -9,3 +9,5 @@ skip-check:
 - CKV_K8S_14 # Image tag should be fixed (same as above)
 - CKV_K8S_22 # Read-only filesystem (IRC apps need to write to volumes)
 - CKV_K8S_40 # Containers should run as high UID (ZNC LinuxServer container needs flexibility)
+ - CKV_K8S_23 # Minimize admission of root containers (ZNC requires root for s6-overlay init)
+ - CKV_K8S_20 # Containers should not run with allowPrivilegeEscalation (ZNC needs init flexibility)
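Review bot: The two added `skip-check` entries turn CKV_K8S_23 and CKV_K8S_20 off for every manifest this config scans, although both comments justify the exception only for ZNC. A root or privilege-escalating container added to any other workload later would then pass the scan unnoticed. Scoping the suppression to the ZNC workload keeps the checks active elsewhere, for example with metadata annotations such as `checkov.io/skip1: CKV_K8S_23=ZNC s6-overlay init starts as root` and `checkov.io/skip2: CKV_K8S_20=<reason>` on that manifest. Separately, starting as root for init does not obviously require `allowPrivilegeEscalation: true`, so it is worth confirming that the container really fails with it set to `false` before skipping CKV_K8S_20; "init flexibility" does not name the requirement.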