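---
# Runs Docker Bench for Security against the local Docker host.
#
# The audit container is given wide visibility into the host: host network
# and PID namespaces, root, read-only binds of /etc and /var/lib, and the
# Docker socket. Treat the image as fully trusted code and limit who may
# start this service.

# Top-level `version` is informational under Compose v2; kept for legacy
# docker-compose v1 installations.
version: '3'

services:
  docker-bench-security:
    # No tag or digest is given, so this resolves to `latest` at pull time.
    # Given the access granted below, pin a digest you have verified, e.g.
    #   image: docker/docker-bench-security@sha256:<DIGEST_PLACEHOLDER>
    image: docker/docker-bench-security
    container_name: docker-bench-security
    # Host network and PID namespaces: the container sees the host's
    # interfaces and every host process.
    # NOTE(review): if the daemon runs with user-namespace remapping, host
    # namespaces typically also need `userns_mode: host` - confirm.
    network_mode: host
    pid: host
    user: root
    cap_add:
      # Presumably required to query the host's audit rules - confirm
      # against the tool's documentation.
      - audit_control
    environment:
      # Interpolated by Compose from the invoking shell or .env file; an
      # unset variable becomes an empty string inside the container.
      - 'DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST'
    volumes:
      # Read-only, but still exposes host configuration and any secrets
      # stored under /etc to the container.
      - '/etc:/etc:ro'
      - '/lib/systemd/system:/lib/systemd/system:ro'
      # NOTE(review): the same host directory is bound onto three different
      # container targets, two of which (/usr/bin/containerd, /usr/bin/runc)
      # are binary paths by name. Verify that each source is the file or
      # directory the benchmark should inspect on this host; otherwise the
      # related checks examine the wrong objects and their results are
      # unreliable.
      # The stray leading `//` on two of the sources was normalised to `/`.
      - '/volume1/docker/containerd:/usr/bin/containerd:ro'
      - '/volume1/docker/containerd:/usr/bin/runc:ro'
      - '/volume1/docker/containerd:/usr/lib/systemd:ro'
      # /var/lib includes Docker's data root by default (image layers,
      # volumes), so container data is readable from inside this service.
      - '/var/lib:/var/lib:ro'
      # `:ro` makes only the bind mount read-only; it does not restrict
      # Docker API requests sent over the socket. Anything that can connect
      # to it can still drive the daemon.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
    labels:
      # Label with an empty value; presumably lets the benchmark recognise
      # its own container - confirm.
      - docker_bench_security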
