Security-Hub yml file

networks:
  secureable:
  traefik:
    external: true
services:
  _init:
    image: docker.cloudsmith.io/v2/buildone/secureable/secureable-init:${VERSION}
    volumes:
      - init:/sql
  db:
    depends_on:
      - _init
    environment:
      - POSTGRES_PASSWORD=${SECUREABLE_DB_USER}
      - POSTGRES_USER=${SECUREABLE_DB_PASSWORD}
    healthcheck:
      interval: 1s
      retries: 5
      test: ["CMD-SHELL", "pg_isready -U ${SECUREABLE_DB_USER} && psql -d postgres -U admin < /sql/20210812171524-init-up.sql > /dev/null"]
      timeout: 2s
    image: postgres:14-alpine
    networks:
      secureable:
    volumes:
      - pg_data:/var/lib/postgresql/data
      - backup:/workspace/data/backup
      - init:/sql
  redis:
    image: redis:alpine
    networks:
      secureable:
  secureable:
    depends_on:
      vault:
        condition: service_healthy
    environment:
      - SECUREABLE_VAULT_HOST=vault
      - SECUREABLE_REDIS_HOST=redis
      - SECUREABLE_DB_HOST=db
      - SECUREABLE_DB_USER=${SECUREABLE_DB_USER}
      - STACK=${STACK}
      - SECUREABLE_DB_PASSWORD=${SECUREABLE_DB_PASSWORD}
    image: docker.cloudsmith.io/v2/buildone/secureable/secureable:${VERSION}
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.${STACK}-secureable.rule=Host(`${STACK}.${DOMAIN:-demo.build.one}`)"
      - "traefik.http.routers.${STACK}-secureable.entrypoints=websecure"
      - "traefik.http.routers.${STACK}-secureable.tls.certresolver=myresolver"
      - "traefik.http.services.${STACK}-secureable.loadbalancer.server.port=3000"
    networks:
      secureable:
      traefik:
    restart: unless-stopped
  vault:
    cap_add:
      - IPC_LOCK
    depends_on:
      db:
        condition: service_healthy
    environment:
      - VAULT_ADDR=http://127.0.0.1:8200
      - VAULT_DISABLE_MLOCK=true
      - SECUREABLE_DB_URL=postgres://${SECUREABLE_DB_USER}:${SECUREABLE_DB_PASSWORD}@${SECUREABLE_DB_HOST:-db}:5432/${SECUREABLE_DB_NAME:-postgres}?sslmode=disable
    healthcheck:
      interval: 1s
      retries: 10
      start_period: 1s
      test: "wget --spider http://127.0.0.1:${VAULT_PORT:-8200} || exit 1"
      timeout: 10s
    image: docker.cloudsmith.io/v2/buildone/secureable/vault:1.11.2
    networks:
      secureable:
  wait:
    depends_on:
      vault:
        condition: service_healthy
    image: hello-world
version: "3.7"
volumes:
  backup:
  data:
  init:
  pg_data: