diff --git a/ansible/cleanup.yml b/ansible/cleanup.yml
index 670a99b29..744f9b657 100644
--- a/ansible/cleanup.yml
+++ b/ansible/cleanup.yml
@@ -38,7 +38,21 @@
 - name: Cleanup /tmp
 command : rm -rf /tmp/*
-
+
+- name: Delete files triggering vulnerability scans
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ loop: # NB: items here MUST have a justification!
+ # ondemand install: raised at https://github.com/OSC/ondemand/security/advisories/GHSA-f7j8-ppqm-m5vw
+ # All declared not to be an issue by Open Ondemand as relevant packages not installed
+ - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-2.7.0/test/dummy/Gemfile.lock"
+ - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-4.5.0/demo/yarn.lock"
+ - /var/www/ood/apps/sys/dashboard/node_modules/data-confirm-modal/Gemfile.lock
+ # chrony role: only used for role dev, venv never created on disk
+ - /etc/ansible-init/playbooks/roles/mrlesmithjr.chrony/poetry.lock
+ - /etc/ansible-init/playbooks/roles/mrlesmithjr.chrony/requirements.txt
+
 - name: Get package facts
 package_facts:
diff --git a/environments/.stackhpc/hooks/post.yml b/environments/.stackhpc/hooks/post.yml
deleted file mode 100644
index 9d506d725..000000000
--- a/environments/.stackhpc/hooks/post.yml
+++ /dev/null
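Review bot: The two `bootstrap_form` loop items template `{{ ondemand_package_version }}`, but the task has lost the `hosts: openondemand` scoping it had in the deleted post.yml hook and has no guard of its own. If cleanup.yml runs on hosts where that variable is not defined, templating the loop list would likely fail the whole task, chrony items included; the hunk does not show where the variable is set or which hosts run this file, so this needs confirming. One low-risk option is `{{ ondemand_package_version | default('none') }}` in both paths, which turns the deletion into a no-op where the variable is absent. The justification is also tied to the gem versions named in the paths, so I would extend the comment with something like `# re-check the advisory whenever ondemand_package_version or the bundled bootstrap_form versions change`, since removing the lockfiles also removes the scanner's view of any later findings in them.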
@@ -1,14 +0,0 @@
-- hosts: openondemand
- become: yes
- gather_facts: false
- tasks:
- - name: Delete ondemand files causing Trivy scan false-positives
- # Raised at https://github.com/OSC/ondemand/security/advisories/GHSA-f7j8-ppqm-m5vw
- # All declared not to be an issue by Open Ondemand as relevant packages not installed
- ansible.builtin.file:
- path: "{{ item }}"
- state: absent
- with_items:
- - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-2.7.0/test/dummy/Gemfile.lock"
- - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-4.5.0/demo/yarn.lock"
- - /var/www/ood/apps/sys/dashboard/node_modules/data-confirm-modal/Gemfile.lock
diff --git a/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json b/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json
index 0bd6001dc..3e8293206 100644
--- a/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json
+++ b/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json
@@ -1,6 +1,6 @@
 {
 "cluster_image": {
- "RL8": "openhpc-RL8-250221-0904-e4ff694e",
- "RL9": "openhpc-RL9-250221-0904-e4ff694e"
+ "RL8": "openhpc-RL8-250305-1110-534ed276",
+ "RL9": "openhpc-RL9-250305-1110-534ed276"
 }
 }