Currently, when claircore is looking up RHEL repositories in layers it first consults the /root/buildinfo/content_manifests/ in the hopes of find content sets (and translating them to repo CPEs via the repository-to-cpe.json.

If this process results in no repos being found there is a fallback to calling the container API https://catalog.redhat.com/api/containers/v1/images/nvr/ in the hopes of finding repository CPEs for specific images.

Falling back to the API should be deprecated for the following reasons:

• Newer images built with Konflux no longer include a dockerfile, which the API lookup fallback needs to decipher name and version information.
• Making external calls in the indexing process is a liability and can result in non-deterministic outcomes