diff --git a/cmd/deploy.go b/cmd/deploy.go
index 5ae7a3e..2b4ecc5 100644
--- a/cmd/deploy.go
+++ b/cmd/deploy.go
@@ -10,6 +10,7 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/stackrox/roxie/internal/deployer"
 	"github.com/stackrox/roxie/internal/env"
+	"github.com/stackrox/roxie/internal/helpers"
 	"github.com/stackrox/roxie/internal/logger"
 )
 
@@ -138,6 +139,12 @@ func runDeploy(cmd *cobra.Command, args []string) error {
 	d.SetPauseReconciliation(pauseReconciliation)
 	d.SetSingleNamespace(singleNamespace)
 
+	mainImageTag, err := helpers.LookupMainImageTag(log)
+	if err != nil {
+		return fmt.Errorf("looking up main image tag: %w", err)
+	}
+	d.SetMainImageTag(mainImageTag)
+
 	// Resolve "auto" resources based on cluster type
 	resolvedResources := resources
 	if resources == "auto" {
diff --git a/internal/deployer/deployer.go b/internal/deployer/deployer.go
index 44be4e7..0fb8e9d 100644
--- a/internal/deployer/deployer.go
+++ b/internal/deployer/deployer.go
@@ -291,7 +291,6 @@ func New(log *logger.Logger, overrideFile string, overrideSetExpressions []strin
 		roxctlVersion:          roxctlVersion,
 		centralNamespace:       centralNamespace,
 		sensorNamespace:        sensorNamespace,
-		mainImageTag:           helpers.LookupMainImageTag(),
 		exposure:               defaultExposure,
 		overrideFile:           overrideFile,
 		overrideSetExpressions: overrideSetExpressions,
@@ -302,7 +301,6 @@ func New(log *logger.Logger, overrideFile string, overrideSetExpressions []strin
 	d.imageCache = imagecache.New(log, "", 20)
 	d.portForward = portforward.New(kubectl, log)
 	d.clusterDefaults = clusterdefaults.NewManager(log)
-	d.operatorTag = helpers.ConvertMainTagToOperatorTag(d.mainImageTag)
 
 	if password := os.Getenv("ROX_ADMIN_PASSWORD"); password != "" {
 		d.centralPassword = password
@@ -718,6 +716,11 @@ func (d *Deployer) SetSingleNamespace(enabled bool) {
 	}
 }
 
+func (d *Deployer) SetMainImageTag(tag string) {
+	d.mainImageTag = tag
+	d.operatorTag = helpers.ConvertMainTagToOperatorTag(d.mainImageTag)
+}
+
 // maybeAddPauseReconcileAnnotation adds the stackrox.io/pause-reconcile annotation to a custom resource
 func (d *Deployer) maybeAddPauseReconcileAnnotation(ctx context.Context, resourceType, resourceName, namespace string) error {
 	if !d.pauseReconciliation {
diff --git a/internal/env/env.go b/internal/env/env.go
index af9ca40..0f9adbc 100644
--- a/internal/env/env.go
+++ b/internal/env/env.go
@@ -2,6 +2,7 @@ package env
 
 import (
 	"encoding/json"
+	"fmt"
 	"net/url"
 	"os"
 	"os/exec"
@@ -220,3 +221,46 @@ func fetchAPIResources() []string {
 	lines := strings.Split(strings.TrimSpace(string(output)), "\n")
 	return lines
 }
+
+func IsInStackroxRepository() bool {
+	cmd := exec.Command("git", "remote", "get-url", "origin")
+	outputBytes, err := cmd.Output()
+	if err != nil {
+		return false
+	}
+	outputLines := strings.Split(string(outputBytes), "\n")
+	if len(outputLines) == 0 {
+		return false
+	}
+	return outputLines[0] == "git@github.com:stackrox/stackrox.git"
+}
+
+func GetStackroxRepositoryTag() (string, error) {
+	topLevelDir, err := getStackRoxTopLevelDir()
+	if err != nil {
+		return "", fmt.Errorf("getting stackrox top level directory: %w", err)
+	}
+	cmd := exec.Command("make", "-s", "-C", topLevelDir, "tag")
+	outputBytes, err := cmd.Output()
+	if err != nil {
+		return "", fmt.Errorf("retrieving stackrox repository tag: %w", err)
+	}
+	tag := strings.TrimSpace(string(outputBytes))
+	if strings.HasSuffix(tag, "-dirty") {
+		return "", fmt.Errorf("stackrox repository is dirty")
+	}
+	return tag, nil
+}
+
+func getStackRoxTopLevelDir() (string, error) {
+	cmd := exec.Command("git", "rev-parse", "--show-toplevel")
+	outputBytes, err := cmd.Output()
+	if err != nil {
+		return "", fmt.Errorf("getting stackrox top level directory: %w", err)
+	}
+	topLevelDir := strings.TrimSpace(string(outputBytes))
+	if len(topLevelDir) == 0 {
+		return "", fmt.Errorf("stackrox top level directory is empty")
+	}
+	return topLevelDir, nil
+}
diff --git a/internal/helpers/tag.go b/internal/helpers/tag.go
index cf7a3e8..95702b3 100644
--- a/internal/helpers/tag.go
+++ b/internal/helpers/tag.go
@@ -3,17 +3,33 @@ package helpers
 import (
 	"os"
 	"strings"
+
+	"github.com/stackrox/roxie/internal/env"
+	"github.com/stackrox/roxie/internal/logger"
 )
 
 const (
 	defaultMainImageTag = "4.8.4"
 )
 
-func LookupMainImageTag() string {
+func LookupMainImageTag(log *logger.Logger) (string, error) {
+	log.Info("Looking up main image tag")
 	if tag := os.Getenv("MAIN_IMAGE_TAG"); tag != "" {
-		return tag
+		log.Dimf("Using MAIN_IMAGE_TAG from environment: %s", tag)
+		return tag, nil
+	}
+	if env.IsInStackroxRepository() {
+		tag, err := env.GetStackroxRepositoryTag()
+		if err != nil {
+			log.Dimf("Error retrieving stackrox repository tag: %v", err)
+			return "", err
+		}
+		log.Dimf("Using stackrox repository tag: %s", tag)
+		return tag, nil
 	}
-	return defaultMainImageTag
+
+	log.Dimf("Using default main image tag %s -- set MAIN_IMAGE_TAG to the desired tag", defaultMainImageTag)
+	return defaultMainImageTag, nil
 }
 
 func ConvertMainTagToOperatorTag(mainTag string) string {