diff --git a/README.md b/README.md
index 56bfe5a..b13d4a8 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,13 @@ docker run -it --net host --pid host --cap-add audit_control \
 docker-bench-security
 ```
 
+or use [Docker Compose](https://docs.docker.com/compose/):
+```sh
+git clone https://github.com/docker/docker-bench-security.git
+cd docker-bench-security
+docker-compose run --rm docker-bench-security
+```
+
 Also, this script can also be simply run from your base host by running:
 
 ```sh
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..c10a67c
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,21 @@
+docker-bench-security:
+ # use image if you have a dedicated build step:
+ # docker build --rm -t docker-bench-security .
+ # image: docker-bench-security
+
+ # use build path to Dockerfile if docker-compose should build the image
+ build: .
+
+ cap_add:
+ - audit_control
+ labels:
+ - docker_bench_security
+ net: host
+ pid: host
+ stdin_open: true
+ tty: true
+ volumes:
+ - /var/lib:/var/lib
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /usr/lib/systemd:/usr/lib/systemd
+ - /etc:/etc
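Review bot: The `volumes:` entries at the end of docker-compose.yml bind-mount `/etc`, `/var/lib` and `/usr/lib/systemd` from the host read-write into a container that already shares the host network and PID namespaces, which is more access than an audit run appears to need. If the benchmark only reads these paths, append `:ro` to each, e.g. `- /etc:/etc:ro` and `- /var/lib:/var/lib:ro`, so that a bug in the script or a tampered image cannot modify host configuration. Note that `:ro` on `/var/run/docker.sock` does not limit what can be requested through the Docker API, so that mount still grants daemon-level control; a short comment above it saying so would help anyone who copies this file. Because `build: .` builds whatever is in the cloned checkout, the README could also suggest checking out a reviewed tag or commit before running it with these privileges.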