diff --git a/.tekton/scanner-component-pipeline.yaml b/.tekton/scanner-component-pipeline.yaml
index fc1191751..c552cdb0e 100644
--- a/.tekton/scanner-component-pipeline.yaml
+++ b/.tekton/scanner-component-pipeline.yaml
@@ -252,7 +252,7 @@ spec:
       value: $(params.build-target-stage)
     - name: BUILD_ARGS
       value:
-      - TAG_SUFFIX=$(params.output-tag-suffix)
+      - SCANNER_TAG=$(tasks.determine-image-tag.results.image-tag)
     runAfter:
     - prefetch-dependencies
     - fetch-scanner-data
diff --git a/Makefile b/Makefile
index 588556cf2..e36425b17 100644
--- a/Makefile
+++ b/Makefile
@@ -21,7 +21,7 @@ endif
 endif
 
 ifeq ($(TAG),)
-TAG=$(shell git describe --tags --abbrev=10 --dirty --long)$(TAG_SUFFIX)
+TAG=$(shell git describe --tags --abbrev=10 --dirty --long)
 endif
 
 # Set expiration on Quay.io for non-release tags.
diff --git a/image/db/rhel/konflux.Dockerfile b/image/db/rhel/konflux.Dockerfile
index 2ea633ee4..3a58f2d6c 100644
--- a/image/db/rhel/konflux.Dockerfile
+++ b/image/db/rhel/konflux.Dockerfile
@@ -1,5 +1,7 @@
 FROM registry.redhat.io/rhel8/postgresql-15:latest AS scanner-db-common
 
+ARG SCANNER_TAG
+
 LABEL \
     com.redhat.license_terms="https://www.redhat.com/agreements" \
     description="Scanner Database Image for Red Hat Advanced Cluster Security for Kubernetes" \
@@ -9,9 +11,7 @@ LABEL \
     source-location="https://github.com/stackrox/scanner" \
     summary="Scanner DB for Red Hat Advanced Cluster Security for Kubernetes" \
     url="https://catalog.redhat.com/software/container-stacks/detail/60eefc88ee05ae7c5b8f041c" \
-    # We must set version label to prevent inheriting value set in the base stage.
-    # TODO(ROX-20236): configure injection of dynamic version value when it becomes possible.
-    version="0.0.1-todo"
+    version="$SCANNER_TAG"
 
 USER root
 
diff --git a/image/scanner/rhel/konflux.Dockerfile b/image/scanner/rhel/konflux.Dockerfile
index 59b247d7e..e08c48deb 100644
--- a/image/scanner/rhel/konflux.Dockerfile
+++ b/image/scanner/rhel/konflux.Dockerfile
@@ -5,8 +5,8 @@ ARG BASE_TAG=latest
 # Compiling scanner binaries and staging repo2cpe and genesis manifests
 FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_1.21 AS builder
 
-ARG TAG_SUFFIX
-ENV TAG_SUFFIX="$TAG_SUFFIX"
+ARG SCANNER_TAG
+ENV RELEASE_TAG="$SCANNER_TAG"
 
 ENV GOFLAGS=""
 ENV CI=1
@@ -31,6 +31,8 @@ COPY ./blob-genesis_manifests.json image/scanner/dump/genesis_manifests.json
 # Common base for scanner slim and full
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS scanner-common
 
+ARG SCANNER_TAG
+
 LABEL \
     com.redhat.license_terms="https://www.redhat.com/agreements" \
     description="This image supports image scanning for Red Hat Advanced Cluster Security for Kubernetes" \
@@ -40,9 +42,7 @@ LABEL \
     source-location="https://github.com/stackrox/scanner" \
     summary="The image scanner for Red Hat Advanced Cluster Security for Kubernetes" \
     url="https://catalog.redhat.com/software/container-stacks/detail/60eefc88ee05ae7c5b8f041c" \
-    # We must set version label to prevent inheriting value set in the base stage.
-    # TODO(ROX-20236): configure injection of dynamic version value when it becomes possible.
-    version="0.0.1-todo"
+    version="$SCANNER_TAG"
 
 SHELL ["/bin/sh", "-o", "pipefail", "-c"]