diff --git a/.drone.yml b/.drone.yml
index e287490..39d7a75 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -4,7 +4,6 @@ name: conftest
 steps:
 - name: policies
 image: instrumenta/conftest:latest
- failure: ignore
 commands:
 - conftest test -p ./_test/policies ./
 - name: deprek8
diff --git a/_test/policies/deployment.rego b/_test/policies/deployment.rego
index 024424b..b1c4d36 100644
--- a/_test/policies/deployment.rego
+++ b/_test/policies/deployment.rego
@@ -1,12 +1,12 @@
 package main
-deny[msg] {
+warn[msg] {
 input.kind = "Deployment"
 not input.spec.template.spec.securityContext.runAsNonRoot = true
 msg = "Containers must not run as root"
 }
-deny[msg] {
+warn[msg] {
 input.kind = "Deployment"
 not input.spec.selector.matchLabels.app
 msg = "Containers must provide app label for pod selectors"
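Review bot: Changing the runAsNonRoot rule from `deny` to `warn` means a Deployment that may run as root no longer fails the pipeline, because conftest does not return a failing exit code for `warn` results unless `--fail-on-warn` is given, and the `conftest test -p ./_test/policies ./` command in .drone.yml does not pass it. Together with the removal of `failure: ignore` in the same commit, the step now looks enforcing while both rules are only advisory. I would keep the first rule as `deny[msg] {` and leave only the app-label rule as `warn[msg] {` if that one is meant to be advisory, or else add `--fail-on-warn` to the command. The rule also reads only the pod-level `securityContext`, so a per-container `runAsNonRoot: false` override would presumably pass unnoticed. The second rule's closing brace lies outside the hunk.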