Creating a Container Image

A container image represents a shippable software component that combines the necessary OS libraries, application middleware, and custom built software application. A container registry is used to store the container images created by developers or third party software vendors. Snyk helps developers to monitor container images for vulnerabilities and licensing issues.

In the prerequisites section you either created a Docker Hub account or had an existing account. In this section we will create a container image using the goof application and push the image to your Docker Hub repository.

If you have your own container images on Docker Hub and a GitHub repository with a Dockerfile you can skip to the next section.

Clone GitHub repository

To build the sample application goof, use the git CLI to clone the application to a directory on your laptop. Once the clone is complete change to the top-level of the goof directory.

git clone
Cloning into 'goof'...
remote: Enumerating objects: 326, done.
remote: Counting objects: 100% (326/326), done.
remote: Compressing objects: 100% (177/177), done.
remote: Total 326 (delta 156), reused 291 (delta 132), pack-reused 0
Receiving objects: 100% (326/326), 248.40 KiB | 1.67 MiB/s, done.
Resolving deltas: 100% (156/156), done.

Use your forked version in the command above by replacing the omearaj with your GitHub version.

Build a container image

Our next step is to use the docker CLI to create a container image. Issue the following docker command to build a container image.

In this example, replace omearaj with your Docker Hub Id. If you don't know your Docker Id, log into Docker Hub and you can find it in your profile.

docker build . -t omearaj/goof:latest

This command tells docker to build a container image starting with the current local path and the -t tells docker to tag the image using your Docker Hub Id, the name of the container image, and the version of your container image.

Docker tags convey useful information about a specific image version/variant. They are aliases to the ID of your image which often look like this: f1477ec11d12. It’s just a way of referring to your image.

docker build . -t omearaj/goof:latest
Sending build context to Docker daemon 2.605MB
Step 1/10 : FROM node:6-stretch
---> ab290b853066
Step 2/10 : RUN mkdir /usr/src/goof
---> Using cache
---> d5a950d3892d
Step 3/10 : RUN mkdir /tmp/extracted_files
---> Using cache
---> 4ac499320dbd
Step 4/10 : COPY . /usr/src/goof
---> 125716c0e356
Step 5/10 : WORKDIR /usr/src/goof
---> Running in 2aab08235f0a
Removing intermediate container 2aab08235f0a
---> 94a6d3655b4a
Step 6/10 : RUN npm update
---> Running in 5c484736e8bb
Removing intermediate container 5c484736e8bb
---> 9f8f59a27dd7
Step 7/10 : RUN npm install
---> Running in 20de7a3e00d4
Removing intermediate container 20de7a3e00d4
---> d5f9ff28c53b
Step 8/10 : EXPOSE 3001
---> Running in 0d860ecd0cfc
Removing intermediate container 0d860ecd0cfc
---> 8c9a5a3019da
Step 9/10 : EXPOSE 9229
---> Running in d66571a711cb
Removing intermediate container d66571a711cb
---> f9685d053233
Step 10/10 : ENTRYPOINT ["npm", "start"]
---> Running in 4f2b68a0e20a
Removing intermediate container 4f2b68a0e20a
---> 0bd35689e95e
Successfully built 0bd35689e95e
Successfully tagged omearaj/goof:latest

Push docker image to Docker Hub

After the docker build command is complete you should have an instance of the goof:latest container image on your laptop prefixed with your Docker Hub Id. To list all of the images on your laptop you can issue a docker images command.

Remember your image will be labeled like Docker Hub Id/goof:latest

To push container images to Docker Hub we must authenticate with Docker Hub. Issue the docker login command listed below if you are not authenticated with Docker Hub.

docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to to create one.
Username: **********
Password: **********
Login Succeeded

Authenticated to Docker Hub, we can now issue a docker push command and docker will start to transfer your image to Docker Hub. Docker will start to transfer the new layers to Docker Hub.

Remember to change your push command to include your Docker Hub Id

docker push omearaj/goof:latest
The push refers to repository []
2cadc3ef8733: Pushed
87dc5827675b: Pushed
6b6bbc7297c7: Pushed
7a9d9f5366d2: Layer already exists
eaa27aeae469: Layer already exists
f39151891503: Layer already exists
f1965d3c206f: Layer already exists
a27518e43e49: Layer already exists
910d7fd9e23e: Layer already exists
4230ff7f2288: Layer already exists
2c719774c1e1: Layer already exists
ec62f19bb3aa: Layer already exists
f94641f1fe1f: Layer already exists
latest: digest: sha256:a97c312ed48c543f5375947b882e3ed6156b8f5ee4126cd826e5a3cc050db703 size: 3054

Once the image has reached Docker Hub you can view it from the Docker Hub UI. You'll notice the container image in the Docker Hub UI is in a repository based on your Docker Hub Id.