What is the nature and description of the request?
I would like Red Hat to treat the software it maintains and distributes as any other package in its advisories. OC CLI must have an entry in security advisories going forward, so that if I go check whether CVE-1234-56789 applies to it, I am given a yes/no answer right on Red Hat's website.
Why does the end customer need this? (List the detailed business requirement here)
This is needed to avoid validating, on every single OC CLI release, whether around 20 high and critical severity vulnerabilities are applicable or not. As this piece of software is not distributed in Red Hat's software repositories but comes from GitHub / the cluster console, our security scanner (Aqua; classic scanner instead of Trivy, but nonetheless) does not have a source of truth for telling whether these CVEs apply or not. It sees the version of a Golang package and jumps to conclusions right away instead of validating against Red Hat advisories whether that conclusion is right.
Does the customer have any specific timeline dependencies and which release would they like to target?
No timeline dependencies, but this is quite important to us and we would like to see it available (at least for OC CLI) as soon as possible.
List any affected packages or components.
OC CLI, but there could be more.
Would the end customer be able to assist in testing this functionality if implemented?
Yes.
Relates to: RFE-6119 Provide product / component based web pages with CVE data (Backlog)