diff --git a/doc/user/clusters/agent/vulnerabilities.md b/doc/user/clusters/agent/vulnerabilities.md
index b920d6bd54036b82640c08880dcda765e2c7101c..37ec95a0e13922e9c80b6186e7d8aaf8c492b3d1 100644
--- a/doc/user/clusters/agent/vulnerabilities.md
+++ b/doc/user/clusters/agent/vulnerabilities.md
@@ -146,6 +146,18 @@ When using a fractional value for CPU, format the value as a string.
 NOTE:
 Resource requirements can only be set up using the agent configuration. If you enabled `Operational Container Scanning` through `scan execution policies`, you would need to define the resource requirements within the agent configuration file.
 
+## Custom repository for Trivy K8s Wrapper
+
+During a scan, OCS deploys pods using an image from the [Trivy K8s Wrapper repository](https://gitlab.com/security-products/trivy-k8s-wrapper/container_registry/5992609), which transmits the vulnerability report generated by [Trivy Kubernetes](https://aquasecurity.github.io/trivy/v0.54/docs/target/kubernetes) to OCS.
+
+If your cluster's firewall restricts access to the Trivy K8s Wrapper repository, you can configure OCS to pull the image from a custom repository. Ensure that the custom repository mirrors the Trivy K8s Wrapper repository for compatibility.
+
+```yaml
+container_scanning:
+  trivy_k8s_wrapper_image:
+    repository: "your-custom-registry/your-image-path"
+```
+
 ## View cluster vulnerabilities
 
 To view vulnerability information in GitLab: