diff --git a/util/secscan/v4/api.py b/util/secscan/v4/api.py
index a4e8fc7990..25a1210724 100644
--- a/util/secscan/v4/api.py
+++ b/util/secscan/v4/api.py
@@ -23,7 +23,7 @@
 logger = logging.getLogger(__name__)
 
 DOWNLOAD_VALIDITY_LIFETIME_S = 60  # Amount of time the security scanner has to call the layer URL
-DEFAULT_REQUEST_TIMEOUT = 180
+DEFAULT_REQUEST_TIMEOUT = 30
 INDEX_REQUEST_TIMEOUT = 600
 
 
diff --git a/util/secscan/v4/test/test_secscan.py b/util/secscan/v4/test/test_secscan.py
index 4150a43092..abe4f3c2ae 100644
--- a/util/secscan/v4/test/test_secscan.py
+++ b/util/secscan/v4/test/test_secscan.py
@@ -2,6 +2,7 @@
 
 import pytest
 from mock import patch
+from requests.exceptions import Timeout
 
 from app import instance_keys, storage
 from config import build_requests_session
@@ -101,3 +102,11 @@ def test_vulnerability_report_incompatible_api_response(api, initialized_db):
             layers = registry_model.list_manifest_layers(manifest, storage, True)
 
             api.vulnerability_report(manifest.digest)
+
+
+def test_vulnerability_report_timeout(api, initialized_db):
+    with fake_security_scanner() as security_scanner:
+        with pytest.raises(APIRequestFailure):
+            with patch.object(api._client, "request", side_effect=Timeout):
+                manifest = manifest_for("devtable", "simple", "latest")
+                api.vulnerability_report(manifest.digest)