diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml
index 4c6c295af021..fa1ede5a6d21 100644
--- a/.github/workflows/containers.yml
+++ b/.github/workflows/containers.yml
@@ -37,8 +37,8 @@ jobs:
           echo "tag=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT
         id: tref
 
-      - name: Build ${{ matrix.type }} container for ${{ matrix.platform }}${{ matrix.run_js && ', (JS)' || '' }}
-        run: docker build -f docker/app_${{ matrix.type }} . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }} ${{ matrix.run_js && 'run_js=true' || '' }}" -t $ACR_REGISTRY/public/ccf/app/${{ matrix.type }}${{ matrix.run_js && '-js' || '' }}:${{ steps.tref.outputs.tag }}-${{ matrix.platform }}
+      - name: Build ${{ matrix.type }} container for ${{ matrix.platform }}${{ matrix.run_js && ', (JS)' || '' }} using clang ${{ matrix.clang_version }}
+        run: docker build -f docker/app_${{ matrix.type }} . --build-arg="clang_version=${{ matrix.clang_version }}" --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }} ${{ matrix.run_js && 'run_js=true' || '' }}" -t $ACR_REGISTRY/public/ccf/app/${{ matrix.type }}${{ matrix.run_js && '-js' || '' }}:${{ steps.tref.outputs.tag }}-${{ matrix.platform }}
 
       - name: Log in
         run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY
diff --git a/docker/app_dev b/docker/app_dev
index 8ebd976a1d6b..f26b992a11a3 100644
--- a/docker/app_dev
+++ b/docker/app_dev
@@ -29,7 +29,7 @@ COPY getting_started/setup_vm/ /tmp/setup_vm/
 RUN apt update \
     && apt install -y ansible software-properties-common bsdmainutils dnsutils \
     && cd /tmp/setup_vm \
-    && ansible-playbook app-dev.yml --extra-vars "$ansible_vars" --extra-vars "platform=${platform}" \
+    && ansible-playbook app-dev.yml --extra-vars "$ansible_vars" --extra-vars "platform=${platform}" --extra-vars "clang_version=${clang_version}" \
     && rm -rf /tmp/* \
     && apt remove -y ansible software-properties-common \
     && apt -y autoremove \
diff --git a/docker/app_run b/docker/app_run
index 143c15f9f667..387ef63602b7 100644
--- a/docker/app_run
+++ b/docker/app_run
@@ -29,7 +29,7 @@ COPY getting_started/setup_vm/ /tmp/setup_vm/
 RUN apt update \
     && apt install -y ansible software-properties-common curl bsdmainutils dnsutils \
     && cd /tmp/setup_vm \
-    && ansible-playbook app-run.yml --extra-vars "$ansible_vars" --extra-vars "platform=${platform}" \
+    && ansible-playbook app-run.yml --extra-vars "$ansible_vars" --extra-vars "platform=${platform}" --extra-vars "clang_version=${clang_version}" \
     && rm -rf /tmp/* \
     && apt remove -y ansible software-properties-common curl \
     && apt -y autoremove \
diff --git a/getting_started/setup_vm/app-dev.yml b/getting_started/setup_vm/app-dev.yml
index 7190ee77c8ce..3ee1d5a1ca50 100644
--- a/getting_started/setup_vm/app-dev.yml
+++ b/getting_started/setup_vm/app-dev.yml
@@ -4,6 +4,10 @@
     platform: "sgx"
     clang_version: "11"
   tasks:
+    - import_role:
+        name: llvm_repo
+        tasks_from: install.yml
+      when: clang_version == "15"
     - import_role:
         name: intel
         tasks_from: sgx-psw.yml
@@ -15,14 +19,21 @@
     - import_role:
         name: az_dcap
         tasks_from: install.yml
+
+    # If OE is already installed, we don't want to install hostverify as they are mutually
+    # exclusive. Non-SGX CCF builds can use either of them.
+    - name: Gather the package facts
+      ansible.builtin.package_facts:
+        manager: auto
     - import_role:
         name: openenclave
         tasks_from: binary_install.yml
-      when: platform == "sgx"
+      when: (platform == "sgx") or ("open-enclave" in ansible_facts.packages)
     - import_role:
         name: openenclave
         tasks_from: install_host_verify.yml
-      when: platform != "sgx"
+      when: (platform != "sgx") and ("open-enclave" not in ansible_facts.packages)
+
     - import_role:
         name: ccf_build
         tasks_from: install.yml
diff --git a/getting_started/setup_vm/app-run.yml b/getting_started/setup_vm/app-run.yml
index a99a806292f5..5a6a20ff6cde 100644
--- a/getting_started/setup_vm/app-run.yml
+++ b/getting_started/setup_vm/app-run.yml
@@ -4,6 +4,10 @@
     platform: "sgx"
     clang_version: "11"
   tasks:
+    - import_role:
+        name: llvm_repo
+        tasks_from: install.yml
+      when: clang_version == "15"
     - import_role:
         name: intel
         tasks_from: sgx-psw.yml
@@ -15,6 +19,14 @@
     - import_role:
         name: az_dcap
         tasks_from: install.yml
+    - import_role:
+        name: openenclave
+        tasks_from: binary_install.yml
+      when: platform == "sgx"
+    - import_role:
+        name: openenclave
+        tasks_from: install_host_verify.yml
+      when: platform != "sgx"
     - import_role:
         name: ccf_install
         tasks_from: deb_install.yml