diff --git a/internal/runbits/cves/cves.go b/internal/runbits/cves/cves.go
index 666e86bb04..0b015b04a3 100644
--- a/internal/runbits/cves/cves.go
+++ b/internal/runbits/cves/cves.go
@@ -39,7 +39,7 @@ func NewCveReport(prime primeable) *CveReport {
 	return &CveReport{prime}
 }
 
-func (c *CveReport) Report(newBuildPlan *buildplan.BuildPlan, oldBuildPlan *buildplan.BuildPlan) error {
+func (c *CveReport) Report(newBuildPlan *buildplan.BuildPlan, oldBuildPlan *buildplan.BuildPlan, names ...string) error {
 	changeset := newBuildPlan.DiffArtifacts(oldBuildPlan, false)
 	if c.shouldSkipReporting(changeset) {
 		logging.Debug("Skipping CVE reporting")
@@ -71,11 +71,11 @@ func (c *CveReport) Report(newBuildPlan *buildplan.BuildPlan, oldBuildPlan *buil
 		}
 	}
 
-	names := make([]string, len(ingredients))
-	for i, ing := range ingredients {
-		names[i] = ing.Name
+	if len(names) == 0 {
+		for _, ing := range ingredients {
+			names = append(names, ing.Name)
+		}
 	}
-
 	pg := output.StartSpinner(c.prime.Output(), locale.Tr("progress_cve_search", strings.Join(names, ", ")), constants.TerminalAnimationInterval)
 
 	ingredientVulnerabilities, err := model.FetchVulnerabilitiesForIngredients(c.prime.Auth(), ingredients)
diff --git a/internal/runbits/requirements/requirements.go b/internal/runbits/requirements/requirements.go
index 5c7e3390d4..fe59399334 100644
--- a/internal/runbits/requirements/requirements.go
+++ b/internal/runbits/requirements/requirements.go
@@ -262,7 +262,8 @@ func (r *RequirementOperation) ExecuteRequirementOperation(ts *time.Time, requir
 		dependencies.OutputChangeSummary(r.Output, rtCommit.BuildPlan(), oldBuildPlan)
 
 		// Report CVEs
-		if err := cves.NewCveReport(r.prime).Report(rtCommit.BuildPlan(), oldBuildPlan); err != nil {
+		names := requirementNames(requirements...)
+		if err := cves.NewCveReport(r.prime).Report(rtCommit.BuildPlan(), oldBuildPlan, names...); err != nil {
 			return errs.Wrap(err, "Could not report CVEs")
 		}