diff --git a/.gitlab/ci/cng/security.gitlab-ci.yml b/.gitlab/ci/cng/security.gitlab-ci.yml
index 3f61a2879f7495f17c324077c0d6ac160d4fb04f..37cb32ea440cdf74f299da54bf83ce64e9fd4dfe 100644
--- a/.gitlab/ci/cng/security.gitlab-ci.yml
+++ b/.gitlab/ci/cng/security.gitlab-ci.yml
@@ -1,6 +1,3 @@
-# Similar to .gitlab/ci/cng/main.gitlab-ci.yml, to be used in security mirror pipelines
-# Used by .gitlab/ci/release-environments.gitlab-ci.yml
-# Images from the security mirror should be built in gitlab-org/security/charts/components/images
 ---
 default:
   interruptible: true
@@ -29,6 +26,7 @@ include:
     - echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV
     - ruby -e 'puts "FULL_RUBY_VERSION=#{RUBY_VERSION}"' >> $BUILD_ENV
     - cat $BUILD_ENV
+    - echo "CI_PROJECT_NAMESPACE is defined as ${CI_PROJECT_NAMESPACE}"
   artifacts:
     reports:
       dotenv: $BUILD_ENV
diff --git a/.gitlab/ci/release-environments.gitlab-ci.yml b/.gitlab/ci/release-environments.gitlab-ci.yml
index 3de91d5e339d8dacd4bc75c1eb1cdcea5ec3b419..bcd1a3b047c3b3a1283aafab76b14566c7e1bc89 100644
--- a/.gitlab/ci/release-environments.gitlab-ci.yml
+++ b/.gitlab/ci/release-environments.gitlab-ci.yml
@@ -46,7 +46,7 @@ start-release-environments-security-pipeline:
   # They need to be explicitly passed on to the child pipeline.
   # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword
   variables:
-    # This is needed by `release-environments-build-cng-env` (`.gitlab/ci/release-environments/main.gitlab-ci.yml`).
+    # This is needed by `release-environments-build-cng-env` (`.gitlab/ci/release-environments/security.gitlab-ci.yml`).
     PARENT_PIPELINE_ID: $CI_PIPELINE_ID
   trigger:
     strategy: depend
diff --git a/scripts/release_environment/construct-release-environments-versions.rb b/scripts/release_environment/construct-release-environments-versions.rb
index 6996fc49c280163f8959444d1292eaaf900ea041..095a541e57fd25fd7528903a9195e225881b3c61 100755
--- a/scripts/release_environment/construct-release-environments-versions.rb
+++ b/scripts/release_environment/construct-release-environments-versions.rb
@@ -21,7 +21,7 @@ class ReleaseEnvironmentsModel
   def generate_json
     output_json = {}
     COMPONENTS.each do |component|
-      output_json[component.to_s] = "#{environment}-#{ENV['CI_COMMIT_SHORT_SHA']}"
+      output_json[component.to_s] = image_tag.to_s
     end
     JSON.generate(output_json)
   end
@@ -42,15 +42,22 @@ def environment
     @environment ||= generate_environment
   end
 
+  def image_tag
+    @image_tag ||= "#{environment_base}-#{ENV['CI_COMMIT_SHORT_SHA']}"
+  end
+
   def generate_environment
-    environment = if release_tag_match
-                    "#{release_tag_match[1]}-#{release_tag_match[2]}-stable"
-                  else
-                    ENV['CI_COMMIT_REF_SLUG'].sub(/-ee$/, '')
-                  end
+    base = environment_base
+    base + (security_project? ? "-security" : "")
+  end
 
-    environment += "-security" if security_project?
-    environment
+  # This is to generate the environment name without "-security". It is used by the image tag
+  def environment_base
+    @environment_base ||= if release_tag_match
+                            "#{release_tag_match[1]}-#{release_tag_match[2]}-stable"
+                          else
+                            ENV['CI_COMMIT_REF_SLUG'].sub(/-ee$/, '')
+                          end
   end
 
   private