Ralph Bean from global productization toolchain team has communicated there will be a policy change requiring correct name and cpe labels on images for security scanners. "We won’t merge these without explicit approval from your team and we're of course ready to work with you to make these changes in a way that works with your plans and schedule. Please reach out to me off thread if you expect that you won't be able to get the correct labels on your images and set your RPA to enforcing mode before the end of January, 2026. We’ll work through any issues together."

For console, this means we will have to complete our containerfile migration such that all active branches are updating the cpe labels on our images. Currently only release-2.14 branch is covered (see Containerfile.[acm/mce].konflux files).

Also, we should add a note to the release cutover doc to update these files with each new version.