diff --git a/cmd/updater/diffdumps/rhelv2_diff.go b/cmd/updater/diffdumps/rhelv2_diff.go
index d7beb5df0..49cf13b05 100644
--- a/cmd/updater/diffdumps/rhelv2_diff.go
+++ b/cmd/updater/diffdumps/rhelv2_diff.go
@@ -197,6 +197,11 @@ func generateRHELv2VulnsDiff(cfg config, outputDir string, baseLastModifiedTime
 if err := generateRHELv2RepoToCPE(filepath.Join(outputDir, repoToCPEFile), headF); err != nil {
 return errors.Wrapf(err, "generating %s", repo2cpe.RHELv2CPERepoName)
 }
+
+ // additional copy of repo to cpe JSON at bundle root (due to ROX-30576)
+ if err := generateRHELv2RepoToCPE(filepath.Join(outputDir, repo2cpe.RHELv2CPERepoName), headF); err != nil {
+ return errors.Wrapf(err, "generating %s at bundle root", repo2cpe.RHELv2CPERepoName)
+ }
 }
 // Only look at JSON files in the vulns/ folder.
diff --git a/pkg/rhelv2/rhelv2.go b/pkg/rhelv2/rhelv2.go
index 26d632f1b..593a55991 100644
--- a/pkg/rhelv2/rhelv2.go
+++ b/pkg/rhelv2/rhelv2.go
@@ -245,5 +245,16 @@ func updateRepoToCPE(outputDir string) (*repo2cpe.RHELv2MappingFile, error) {
 return nil, errors.Wrapf(err, "encoding mapping")
 }
+ // Also create copy at bundle root (due to ROX-30576)
+ outFRoot, err := os.Create(filepath.Join(outputDir, repo2cpe.RHELv2CPERepoName))
+ if err != nil {
+ return nil, errors.Wrapf(err, "failed to create file %q at bundle root", repo2cpe.RHELv2CPERepoName)
+ }
+ defer utils.IgnoreError(outFRoot.Close)
+
+ if err := json.NewEncoder(outFRoot).Encode(&mapping); err != nil {
+ return nil, errors.Wrapf(err, "encoding mapping at bundle root")
+ }
+
+
 return &mapping, nil
 }
diff --git a/pkg/vulndump/write.go b/pkg/vulndump/write.go
index 93cc6eae7..d0d253390 100644
--- a/pkg/vulndump/write.go
+++ b/pkg/vulndump/write.go
@@ -9,6 +9,7 @@ import (
 "github.com/mholt/archiver/v3"
 "github.com/pkg/errors"
 "github.com/stackrox/scanner/database"
+ "github.com/stackrox/scanner/pkg/repo2cpe"
 )
 // WriteZip takes the given files and creates the vuln dump zip.
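Review bot: In generateRHELv2VulnsDiff (cmd/updater/diffdumps/rhelv2_diff.go) the new comment gives only a ticket id, so a reader cannot tell which consumer expects the mapping at the bundle root or when the duplicate can be dropped. I would spell that out in the comment, along the lines of `// <consumer> reads <file> from the bundle root; remove this copy once <condition> (ROX-30576)`. The two files also come from two separate generateRHELv2RepoToCPE calls on headF. That helper is not visible here, so this is a guess, but writing once and copying the result would guarantee both copies are byte-identical. The function starts above the hunk and continues below it.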
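Review bot: In updateRepoToCPE (pkg/rhelv2/rhelv2.go) the root-level copy is closed through `defer utils.IgnoreError(outFRoot.Close)`, so an error from Close on a file that was just written is discarded and the function can report success with an incomplete JSON file in the bundle. This mapping presumably feeds vulnerability matching downstream, so a short file should fail the update rather than ship. Close explicitly after encoding, e.g. `if err := outFRoot.Close(); err != nil { return nil, errors.Wrap(err, "closing root repo-to-CPE file") }`. The writer for the first copy is outside the hunk; if it uses the same deferred pattern, the same applies there.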
@@ -25,6 +26,7 @@ func WriteZip(inputDir, outFile string, ignoreKubernetesVulns, ignoreRHELv2Vulns
 }
 if !ignoreRHELv2Vulns {
 sources = append(sources, filepath.Join(inputDir, RHELv2DirName))
+ sources = append(sources, filepath.Join(inputDir, repo2cpe.RHELv2CPERepoName))
 }
 if !ignoreIstioVulns {
 sources = append(sources, filepath.Join(inputDir, IstioDirName))
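Review bot: In WriteZip the new `sources = append(...)` entry makes the root-level mapping file mandatory whenever ignoreRHELv2Vulns is false, and nothing in the hunk checks that it exists. An inputDir written before this change, or by a path that skips the root copy, would (I expect) make the archiver call fail on a missing source. Either stat the path and return a descriptive error, or state the requirement in the WriteZip doc comment, e.g. `// When RHELv2 vulns are included, inputDir must also contain the repo-to-CPE mapping at its root.` The archive now carries the mapping at two paths, so it is also worth documenting which one consumers treat as authoritative. WriteZip's body continues outside the hunk.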