In November 2025, a team self-hosting Langfuse, an open-source LLM observability platform, on Kubernetes uploaded their ClickHouse image to AWS ECR as part of their production preparation.They found that the pipeline scanner had returned three critical vulnerabilities – not in ClickHouse, but in the base image.Their security team saw the findings and blocked the deployment before it ever reached production.