The docker way of updating containers is to build a new image with the updated binaries and files, which creates a security concern.
The docker way is not anymore running "zypper update" in the containment but to update the whole image in the image registry (hub docker if we are talking about public registry) and then pull the image update from there, stop the outdated containments and replace them by starting new containments based on the new image.
This process breaks our current security update workflow since our workflow is based on running "zypper update" at the host, or in this case, in the containment.
Thus, what we need is a way to update the images in the registry when there are new RPM updates.
When we talk about updating RPMs, we have to make a distinction of 2 cases:
- The RPM is in the base image
- The RPM is in a layer above the image
The idea of the project is to make use of the "Remote Build Trigger" feature in the public registry "Docker Hub"  to trigger automatic builds of containers which need to be rebuilt.
This project is part of:
Hack Week 12