- Task
- Resolution: Done
- Blocker
- MCE 2.7.7
- Product / Portfolio Work
- Critical
The ACM 2.12.6 images and MCE 2.7.7 images have been waiting for release for an extended period of time, and now Konflux Conforma violations have started blocking the release. The violation being reported is:
✕ [Violation] trusted_task.trusted
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/release-mce-27/provider-credential-controller-mce-27@sha256:df45bcafd8b0abe5c86812191b8474d72175a2ac3fbbcbc3c4006b8bdb6bd158
Reason: Untrusted version of PipelineTask "coverity-availability-check" (Task "coverity-availability-check") was included in
build chain comprised of: coverity-availability-check. Please upgrade the task version to:
sha256:36400873d3031df128c55aa71ee11d322c3e55fd8f13dc5779098fbc117c0aa3
Term: coverity-availability-check
Title: Tasks are trusted
Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The
first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in
creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a
fallback when Trusted Artifacts are not enabled. In this case, *all* Tasks in the build Pipeline must be trusted. To exclude
this rule add "trusted_task.trusted:coverity-availability-check" to the `exclude` section of the policy configuration.
Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is
trusted. Otherwise, ensure *all* Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks
when newer versions are made available.
This violation is happening for many images, not just the sample provided above.
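
A triage sketch for the case described above, where many images report the same `trusted_task.trusted` violation. It is an added example, not part of the original ticket or of Conforma: it parses the text report layout quoted above and groups the affected images by task and by the digest the report asks for. The image names, digests and the task `example-scan-task` in the sample are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report above; image names and
# digests are placeholders, not values from a real build.
SAMPLE_REPORT = """\
✕ [Violation] trusted_task.trusted
  ImageRef: quay.io/example-tenant/component-a@sha256:aaaa
  Reason: Untrusted version of PipelineTask "coverity-availability-check" was included. Please upgrade the task version to:
  sha256:1111
  Term: coverity-availability-check
✕ [Violation] trusted_task.trusted
  ImageRef: quay.io/example-tenant/component-b@sha256:bbbb
  Reason: Untrusted version of PipelineTask "coverity-availability-check" was included. Please upgrade the task version to:
  sha256:1111
  Term: coverity-availability-check
✕ [Violation] trusted_task.trusted
  ImageRef: quay.io/example-tenant/component-a@sha256:aaaa
  Reason: Untrusted version of PipelineTask "example-scan-task" was included. Please upgrade the task version to:
  sha256:2222
  Term: example-scan-task
"""

BLOCK_START = re.compile(r"^[ \t]*✕ \[Violation\] (\S+)[ \t]*$", re.M)
IMAGE = re.compile(r"ImageRef:\s*(\S+)")
TERM = re.compile(r"^[ \t]*Term:[ \t]*(\S+)", re.M)
UPGRADE = re.compile(r"upgrade the task version to:\s*(sha256:[0-9a-f]+)")

def _first(rx, text):
    m = rx.search(text)
    return m.group(1) if m else None

def parse_violations(report):
    """Yield one dict per violation block in the text report."""
    parts = BLOCK_START.split(report)  # [preamble, code1, body1, code2, body2, ...]
    for code, body in zip(parts[1::2], parts[2::2]):
        yield {"code": code, "image": _first(IMAGE, body),
               "task": _first(TERM, body), "upgrade_to": _first(UPGRADE, body)}

def tasks_to_bump(report, code="trusted_task.trusted"):
    """Map (task, required digest) -> sorted image refs that reported it."""
    grouped = defaultdict(set)
    for v in parse_violations(report):
        if v["code"] == code and v["task"]:
            grouped[(v["task"], v["upgrade_to"])].add(v["image"] or "<unknown>")
    return {key: sorted(images) for key, images in grouped.items()}

if __name__ == "__main__":
    for (task, digest), images in tasks_to_bump(SAMPLE_REPORT).items():
        print(f"{task} -> {digest}: {', '.join(images)}")
```

Each key in the result is one task reference to update in the build pipeline definition; the list under it shows which images need a rebuild before they pass the check again.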
- is cloned by
  - ACM-27462 Deliver the ACM 2.12.7 and MCE 2.7.8 images (Closed)