diff --git a/src/pkg/scan/util.go b/src/pkg/scan/util.go
index e66e657f403e..f15626dce4d2 100644
--- a/src/pkg/scan/util.go
+++ b/src/pkg/scan/util.go
@@ -30,24 +30,27 @@ import (
 	"github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 
+	commonhttp "github.com/goharbor/harbor/src/common/http"
+	"github.com/goharbor/harbor/src/lib/log"
 	"github.com/goharbor/harbor/src/pkg/robot/model"
 	v1sq "github.com/goharbor/harbor/src/pkg/scan/rest/v1"
 )
 
-// Insecure ...
-type Insecure bool
-
 // RemoteOptions ...
-func (i Insecure) RemoteOptions() []remote.Option {
+func RemoteOptions() []remote.Option {
 	tr := http.DefaultTransport.(*http.Transport).Clone()
-	tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: bool(i)}
+	tlsConfig := &tls.Config{InsecureSkipVerify: true}
+	var err error
+	if commonhttp.InternalEnableVerifyClientCert() {
+		tlsConfig, err = commonhttp.GetInternalTLSConfig()
+		if err != nil {
+			log.Errorf("SBOM client load cert file with err: %v", err)
+		}
+		tr.TLSClientConfig = tlsConfig
+	}
 	return []remote.Option{remote.WithTransport(tr)}
 }
 
-type referrer struct {
-	Insecure
-}
-
 // GenAccessoryArt composes the accessory oci object and push it back to harbor core as an accessory of the scanned artifact.
 func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[string]string, mediaType string, robot *model.Robot) (string, error) {
 	accArt, err := mutate.Append(empty.Image, mutate.Addendum{
@@ -92,7 +95,7 @@ func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[str
 	if err != nil {
 		return "", err
 	}
-	opts := append(referrer{Insecure: true}.RemoteOptions(), remote.WithAuth(&authn.Basic{Username: robot.Name, Password: robot.Secret}))
+	opts := append(RemoteOptions(), remote.WithAuth(&authn.Basic{Username: robot.Name, Password: robot.Secret}))
 	if err := remote.Write(accRef, accArt, opts...); err != nil {
 		return "", err
 	}