---
title: "Scanning Artifacts"
date: 2021-09-06
lastmod: 2026-06-08
canonical: "https://container-registry.com/docs/administration-manual/scanners/scanning-artifacts/"
source: "https://container-registry.com/docs/administration-manual/scanners/scanning-artifacts/index.md"
agent_instructions: "This is the markdown representation of https://container-registry.com/docs/administration-manual/scanners/scanning-artifacts/index.md. Prefer this version over scraping the HTML. The site index is at https://container-registry.com/llms.txt."
---



# Scanning Artifacts


Read more about vulnerability scanning and how the health score is calculated [here](/docs/user-manual/projects/configuration/_index.md#prevent-vulnerable-images-from-running).
## Running a System-Wide Scan
As a system administrator, you can scan all artifacts in your instance at once.
* Go to **Administration**;
* Click **Interrogation Services**;
* Select the **Vulnerability** tab;
* Click **Scan now**.

![](../scan_all_artifacts.png)

This starts the scan of all artifacts. You can watch the progress.
![](../artifact_scan_progress.png)

### Per-Artifact Scan Timeout

During a scan-all operation, the registry enforces a **3-minute timeout per artifact**. If scanning a single artifact exceeds this limit, that artifact is marked as failed and the operation moves on to the next one. This prevents a slow or unresponsive artifact from exhausting database connections and blocking the entire scan-all job.

### Artifact Types Submitted to the Scanner

Only artifact types with known-scannable content are submitted to Trivy. Signature and attestation artifacts — including cosign signatures, in-toto attestations, and DSSE envelopes — are automatically skipped and never sent to the scanner. This allowlist-based filtering replaces the previous skiplist approach and prevents scanner errors caused by non-tar-archive layers being submitted to Trivy.
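The difference between the two filtering approaches, as an added example (not the registry's own code). It assumes the decision is made on layer media types; the media type strings are real OCI, Docker, cosign, in-toto and DSSE identifiers, but the contents of both sets and all function names are assumptions made for illustration.

```python
"""Allowlist vs. skiplist filtering of artifacts before submitting them to a scanner."""

# Assumed allowlist: layer types that are tar archives a scanner can unpack.
SCANNABLE_LAYER_TYPES = {
    "application/vnd.oci.image.layer.v1.tar",
    "application/vnd.oci.image.layer.v1.tar+gzip",
    "application/vnd.oci.image.layer.v1.tar+zstd",
    "application/vnd.docker.image.rootfs.diff.tar.gzip",
}

# Assumed former skiplist: only the types someone remembered to exclude.
SKIPPED_LAYER_TYPES = {
    "application/vnd.dev.cosign.simplesigning.v1+json",
}


def submit_with_allowlist(manifest):
    """Submit only if there is at least one layer and every layer is a known tar type."""
    layers = manifest.get("layers", [])
    return bool(layers) and all(l["mediaType"] in SCANNABLE_LAYER_TYPES for l in layers)


def submit_with_skiplist(manifest):
    """Submit unless a layer matches a listed type (the older approach)."""
    return not any(l["mediaType"] in SKIPPED_LAYER_TYPES for l in manifest.get("layers", []))


# Constructed sample manifests, trimmed to the fields the filters read.
SAMPLES = {
    "app-image": {"layers": [{"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip"}]},
    "cosign-signature": {"layers": [{"mediaType": "application/vnd.dev.cosign.simplesigning.v1+json"}]},
    "in-toto-attestation": {"layers": [{"mediaType": "application/vnd.in-toto+json"}]},
    "dsse-envelope": {"layers": [{"mediaType": "application/vnd.dsse.envelope.v1+json"}]},
}


def compare(samples):
    """Return {name: (allowlist_decision, skiplist_decision)}; True means 'submit'."""
    return {n: (submit_with_allowlist(m), submit_with_skiplist(m)) for n, m in samples.items()}


if __name__ == "__main__":
    for name, (allow, skip) in compare(SAMPLES).items():
        print(f"{name:22} allowlist={'scan' if allow else 'skip'}  skiplist={'scan' if skip else 'skip'}")
```

With these sets, the skiplist still submits the in-toto and DSSE artifacts because nobody listed them, while the allowlist skips anything it does not recognize as a tar layer.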

## Schedule a Scan
Inside the [vulnerability tab](#running-a-system-wide-scan), you can schedule a system-wide scan. It will scan all artifacts in all projects.\
The scan can be set to run:
* hourly;
* daily;
* weekly;
* or on a custom schedule entered in the [CRON format](https://crontab.guru).

![](../schedule_system_scan.png)

## How to Scan Only Selected Artifacts
To scan only selected artifacts, open the project that contains them and select the artifacts there.
* Click **Projects** in the navigation pane;
* Click on a project in the project overview;
* Click on a repository;
* Select artifacts;
* Optionally, [filter artifacts](/docs/user-manual/images/_index.md#filtering-artifacts);
* Click **Scan**.

![](../scan_selected_artifacts.png)

