diff --git a/src/ui/service/notification.go b/src/ui/service/notification.go
index b9bcbadee..2f7841435 100644
--- a/src/ui/service/notification.go
+++ b/src/ui/service/notification.go
@@ -16,6 +16,7 @@ package service
 
 import (
 	"encoding/json"
+	"os"
 	"regexp"
 	"strings"
 	"time"
@@ -25,6 +26,8 @@ import (
 	"github.com/vmware/harbor/src/common/utils"
 	"github.com/vmware/harbor/src/common/utils/log"
 	"github.com/vmware/harbor/src/ui/api"
+	"github.com/vmware/harbor/src/ui/config"
+	"github.com/vmware/harbor/src/ui/projectmanager/pms"
 
 	"github.com/astaxie/beego"
 )
@@ -103,6 +106,11 @@ func (n *NotificationHandler) Post() {
 				}
 			}()
 			go api.TriggerReplicationByRepository(repository, []string{tag}, models.RepOpTransfer)
+			if autoScanEnabled(project) {
+				if err := api.TriggerImageScan(repository, tag); err != nil {
+					log.Warningf("Failed to scan image, repository: %s, tag: %s, error: %v", repository, tag, err)
+				}
+			}
 		}
 		if action == "pull" {
 			go func() {
@@ -151,6 +159,27 @@ func filterEvents(notification *models.Notification) ([]*models.Event, error) {
 	return events, nil
 }
 
+func autoScanEnabled(projectName string) bool {
+	if !config.WithClair() {
+		log.Debugf("Auto Scan disabled because Harbor is not deployed with Clair")
+		return false
+	}
+	if config.WithAdmiral() {
+		//TODO get a project manager based on service account.
+		var pm *pms.ProjectManager = pms.NewProjectManager("", "")
+		p, err := pm.Get(projectName)
+		if err != nil {
+			log.Warningf("failed to get project, error: %v", err)
+			return false
+		} else if p == nil {
+			log.Warningf("project with name: %s not found.", projectName)
+			return false
+		}
+		return p.AutomaticallyScanImagesOnPush
+	}
+	return os.Getenv("ENABLE_HARBOR_SCAN_ON_PUSH") == "1"
+}
+
 // Render returns nil as it won't render any template.
 func (n *NotificationHandler) Render() error {
 	return nil