Description:
This ticket continues from SECDATA-1089 (closed as Done).
The original issue addressed CPE-to-Repository mapping for CSAF integration but did not fully resolve detection in local or custom repository scenarios.

Request:
Re-evaluate and enhance the CPE-to-Repo mapping mechanism to ensure:

• Accurate product identification for local/custom repos

• Consistent CSAF data consumption similar to standard Red Hat repositories

• Validation coverage for edge cases where repository metadata differs from standard Red Hat naming conventions

Reason for reopening:
Multiple of our customers are using custom repositories; therefore, we need to find a robust solution that ensures CSAF data integration works consistently across all such environments.

Background Reference:
Original description from SECDATA-1089 —

“Integration of CSAF data consumption using Repository-to-CPE Mapping works correctly with standard Red Hat repositories however fails to identify the correct product when using local or custom repositories.”