Detect SBOM components vulnerable to Red Hat advisories
Red Hat advisories are handled differently from other Trivy DB advisories. Instead of matching on a distro name and version, they use CPE values to determine whether a package is vulnerable. This epic covers the work needed to gather the relevant data and make such comparisons.
epic