How to run docker scan without contacting docker.io

Hi,

I’m running docker scan in a Jenkins pipeline which is not permitted to contact public/external registries. When I run docker scan, it attempts to contact a registry hosted on docker.io but then times out, breaking the build.

Is it only trying to contact this registry to look for containers, or does Snyk retrieve updates, definitions etc. from here?

How would I configure to avoid hitting docker.io - and would that reduce the effectiveness of the scan?

Thanks for any pointers that can be given.