Yes, even though managed and user-managed workbenches have been deprecated and instances are now being emphasized, there are still methods available to perform vulnerability scans, particularly for artifact registries within Google Cloud Platform (GCP).

One approach is to utilize Google Cloud's native security tools like Google Cloud Security Scanner or Cloud Security Command Center (Cloud SCC). These tools can help you identify vulnerabilities in your GCP resources, including artifact registries. Cloud SCC, in particular, provides centralized visibility into your security posture across your GCP infrastructure, including container images stored in Artifact Registry.

By incorporating these tools into your development and deployment processes, you can ensure that your container images stored in Artifact Registry undergo regular vulnerability assessments, even within the context of using instances over workbenches.