There are a couple of things to cover here:

1. Keep your software/containers up to date. You can subscribe to the GitHub repo and configure it to get notified for new releases and security alerts. Complementary, you can use RSS feeds, newteleases.io and/or WUD (What’s Up Docker) and add labels to your docker compose files. Personally, I check the notification once a week and change the version for all minor tools I’m using. If there is a major release (or new Immich version) I read the changelog and update instructions (if it’s the case).

2. For container security scans, you can use Trivy, but the problem is that you don’t have a centralized overview of your scan results. For this you can use DefectDojo. Depending on the case/threat model, vulnerability management for self-hosted things might be overkill, but highly recommended of you want to learn more about this. It worth mentioning Trufflehog as secrets scanner and sops as a solution to encrypt sensitive data so you can push it to git/SCM.

I don’t know. I read it as “an interior piece of software”

You might wanna check out this article: https://lukesmith.xyz/articles/matrix-vs-xmpp/

I found it after I already settled with snikket.im The mobile application is reliable and there is Conversation as desktop client. From my point of view, the audio and video quality of Snikket are way better than Matrix.

It worth mentioning that initially I wanted to set up a Matrix server also, but I had second thoughts because I knew how resource intensive are the mobile app and the server also.

Lidarr, SpotSpot, Jellyfin (Symfonium for listening to music on my Android phone).

I use Spotify (web version) or Lidarr to look/search for the name of the albums for different artists and then download it with SpotSpot (consider pairing it with Gluetun). For me, this is perfect!

Edit: While on my computer, I’m using Feishin to listen to music from Jellyfin. I usually create the playlists from there.