diff --git a/.gitignore b/.gitignore
index 91d28ce..16ca233 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,9 @@ Cargo.lock
 # Best practice for something like this, the python scripts are not meant to be "deployed" from this repo state.
 poetry.lock
 
+binaryninja/
+*.dat
+
 # These are backup files generated by rustfmt
 **/*.rs.bk
 
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..4c08ce8
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,21 @@
+FROM rust:1.77 AS builder
+# The binaryninja-api commit to use, remember sigem is pulled from here.
+ARG COMMIT=30a0fbb5839b08dc58efe602a5cd19c90fbd4c50
+# Copy the binja install. This won't be included in the final image.
+COPY ./binaryninja /binaryninja
+ENV BINARYNINJADIR=/binaryninja
+# Clone the binaryninja-api repo where `sigem` lives.
+RUN apt-get update && apt-get install -y git libclang-dev
+RUN git clone https://github.com/Vector35/binaryninja-api /binaryninja-api \
+    && cd /binaryninja-api \
+    && git checkout $COMMIT
+# Install sigem
+RUN cargo install --path /binaryninja-api/plugins/warp/ --bin sigem
+
+FROM ubuntu:24.10 AS runner
+# Copy sigem binary over
+COPY --from=builder /usr/local/cargo/bin/sigem /usr/local/bin/sigem
+# Copy in the entrypoint (what sets up the environment)
+COPY ./entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
new file mode 100644
index 0000000..d326117
--- /dev/null
+++ b/docker/docker-compose.yml
@@ -0,0 +1,18 @@
+services:
+  sigem:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    environment:
+      BN_LICENSE_FILE: /run/secrets/license
+    volumes:
+      - ./binaryninja:/binaryninja:ro
+      - ./signatures:/signatures
+      - ./data:/data:ro
+    secrets:
+      - license
+    command: [ "/data/a.out", "/signatures/a" ]
+
+secrets:
+  license:
+    file: license.dat
\ No newline at end of file
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
new file mode 100644
index 0000000..98b698f
--- /dev/null
+++ b/docker/entrypoint.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+mkdir -p ~/.binaryninja
+cp "$BN_LICENSE_FILE" ~/.binaryninja/license.dat
+exec sigem "$@"
\ No newline at end of file