services:
  docker-bench-security:
      # use image if you have a dedicated build step:
      #   docker build --rm -t docker-bench-security .
      # image: docker-bench-security

      # use build path to Dockerfile if docker-compose should build the image
      build: .

      cap_add:
          - audit_control
      labels:
          - docker_bench_security
      pid: host
      stdin_open: true
      tty: true
      volumes:
          - /var/lib:/var/lib:ro
          - /var/run/docker.sock:/var/run/docker.sock:ro
          - /usr/lib/systemd:/usr/lib/systemd:ro
          - /etc:/etc:ro