Current situation: My team is developing software that is running on a security-critical system. While our software itself is not critical we are only allowed to release a new version when the system is getting a full-blown new certification.

However the inspector in charge told us that he can permit updates if we can achieve a sufficient level of isolation from rest of the system.

Question: My idea was to certify a docker container and then roll out new updates to our software while using the same docker container. Is this actually a use-case for docker, or am i misunderstanding something about its functionality.

Second Question: with the new licensing model, would we need a licence for every shipped piece of hardware, or only for our dev team?