Cloudsmith offers an on-demand security scanning service for repositories, allowing users to identify vulnerable packages and track their introduction. The service can be run daily, weekly, monthly, or at a custom cadence, with the option to schedule multiple images for simultaneous scanning. Users can access a summary report of their repository's health in the Security Scanning view, view security scan results for specific vulnerabilities, and use the Vulnerability API to programmatically access scan results and historic data. The service also provides insights into the version of packages that introduced vulnerabilities, making it easier to identify and address potential security issues.