diff --git a/modules/artifact-registry/README.md b/modules/artifact-registry/README.md
index 90853ab19..96638798f 100644
--- a/modules/artifact-registry/README.md
+++ b/modules/artifact-registry/README.md
@@ -300,19 +300,19 @@ module "additive_iam" {
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
 | [cleanup_policies](variables.tf#L17) | Object containing details about the cleanup policies for an Artifact Registry repository. | <code title="map&#40;object&#40;&#123;&#10;  action &#61; string&#10;  condition &#61; optional&#40;object&#40;&#123;&#10;    tag_state             &#61; optional&#40;string&#41;&#10;    tag_prefixes          &#61; optional&#40;list&#40;string&#41;&#41;&#10;    older_than            &#61; optional&#40;string&#41;&#10;    newer_than            &#61; optional&#40;string&#41;&#10;    package_name_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10;    version_name_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  most_recent_versions &#61; optional&#40;object&#40;&#123;&#10;    package_name_prefixes &#61; optional&#40;list&#40;string&#41;&#41;&#10;    keep_count            &#61; optional&#40;number&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;&#41;&#10;&#10;&#10;default &#61; null">map&#40;object&#40;&#123;&#8230;default &#61; null</code> | ✓ |  |
-| [format](variables.tf#L63) | Repository format. | <code title="object&#40;&#123;&#10;  apt &#61; optional&#40;object&#40;&#123;&#10;    remote &#61; optional&#40;object&#40;&#123;&#10;      public_repository &#61; string &#35; &#34;BASE path&#34;&#10;&#10;&#10;      disable_upstream_validation &#61; optional&#40;bool&#41;&#10;      upstream_credentials &#61; optional&#40;object&#40;&#123;&#10;        username                &#61; string&#10;        password_secret_version &#61; string&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    standard &#61; optional&#40;bool&#41;&#10;  &#125;&#41;&#41;&#10;  docker &#61; optional&#40;object&#40;&#123;&#10;    remote &#61; optional&#40;object&#40;&#123;&#10;      public_repository &#61; optional&#40;string&#41;&#10;      common_repository &#61; optional&#40;string&#41;&#10;      custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10;      disable_upstream_validation &#61; optional&#40;bool&#41;&#10;      upstream_credentials &#61; optional&#40;object&#40;&#123;&#10;        username                &#61; string&#10;        password_secret_version &#61; string&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    standard &#61; optional&#40;object&#40;&#123;&#10;      immutable_tags &#61; optional&#40;bool&#41;&#10;    &#125;&#41;&#41;&#10;    virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10;      repository &#61; string&#10;      priority   &#61; number&#10;    &#125;&#41;&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  kfp &#61; optional&#40;object&#40;&#123;&#10;    standard &#61; optional&#40;bool&#41;&#10;  &#125;&#41;&#41;&#10;  generic &#61; optional&#40;object&#40;&#123;&#10;    standard &#61; optional&#40;bool&#41;&#10;  &#125;&#41;&#41;&#10;  go &#61; optional&#40;object&#40;&#123;&#10;    standard &#61; optional&#40;bool&#41;&#10;  &#125;&#41;&#41;&#10;  googet &#61; optional&#40;object&#40;&#123;&#10;    standard &#61; optional&#40;bool&#41;&#10;  &#125;&#41;&#41;&#10;  maven &#61; optional&#40;object&#40;&#123;&#10;    remote &#61; optional&#40;object&#40;&#123;&#10;      public_repository &#61; optional&#40;string&#41;&#10;      custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10;      disable_upstream_validation &#61; optional&#40;bool&#41;&#10;      upstream_credentials &#61; optional&#40;object&#40;&#123;&#10;        username                &#61; string&#10;        password_secret_version &#61; string&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    standard &#61; optional&#40;object&#40;&#123;&#10;      allow_snapshot_overwrites &#61; optional&#40;bool&#41;&#10;      version_policy            &#61; optional&#40;string&#41;&#10;    &#125;&#41;&#41;&#10;    virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10;      repository &#61; string&#10;      priority   &#61; number&#10;    &#125;&#41;&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  npm &#61; optional&#40;object&#40;&#123;&#10;    remote &#61; optional&#40;object&#40;&#123;&#10;      public_repository &#61; optional&#40;string&#41;&#10;      custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10;      disable_upstream_validation &#61; optional&#40;bool&#41;&#10;      upstream_credentials &#61; optional&#40;object&#40;&#123;&#10;        username                &#61; string&#10;        password_secret_version &#61; string&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    standard &#61; optional&#40;bool&#41;&#10;    virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10;      repository &#61; string&#10;      priority   &#61; number&#10;    &#125;&#41;&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  python &#61; optional&#40;object&#40;&#123;&#10;    remote &#61; optional&#40;object&#40;&#123;&#10;      public_repository &#61; optional&#40;string&#41;&#10;      custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10;      disable_upstream_validation &#61; optional&#40;bool&#41;&#10;      upstream_credentials &#61; optional&#40;object&#40;&#123;&#10;        username                &#61; string&#10;        password_secret_version &#61; string&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    standard &#61; optional&#40;bool&#41;&#10;    virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10;      repository &#61; string&#10;      priority   &#61; number&#10;    &#125;&#41;&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  yum &#61; optional&#40;object&#40;&#123;&#10;    remote &#61; optional&#40;object&#40;&#123;&#10;      public_repository &#61; string &#35; &#34;BASE path&#34;&#10;&#10;&#10;      disable_upstream_validation &#61; optional&#40;bool&#41;&#10;      upstream_credentials &#61; optional&#40;object&#40;&#123;&#10;        username                &#61; string&#10;        password_secret_version &#61; string&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    standard &#61; optional&#40;bool&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
-| [location](variables.tf#L213) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | <code>string</code> | ✓ |  |
-| [name](variables.tf#L218) | Registry name. | <code>string</code> | ✓ |  |
-| [project_id](variables.tf#L223) | Registry project id. | <code>string</code> | ✓ |  |
+| [format](variables.tf#L62) | Repository format. | <code title="object&#40;&#123;&#10;  apt &#61; optional&#40;object&#40;&#123;&#10;    remote &#61; optional&#40;object&#40;&#123;&#10;      public_repository &#61; string &#35; &#34;BASE path&#34;&#10;&#10;&#10;      disable_upstream_validation &#61; optional&#40;bool&#41;&#10;      upstream_credentials &#61; optional&#40;object&#40;&#123;&#10;        username                &#61; string&#10;        password_secret_version &#61; string&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    standard &#61; optional&#40;bool&#41;&#10;  &#125;&#41;&#41;&#10;  docker &#61; optional&#40;object&#40;&#123;&#10;    remote &#61; optional&#40;object&#40;&#123;&#10;      public_repository &#61; optional&#40;string&#41;&#10;      common_repository &#61; optional&#40;string&#41;&#10;      custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10;      disable_upstream_validation &#61; optional&#40;bool&#41;&#10;      upstream_credentials &#61; optional&#40;object&#40;&#123;&#10;        username                &#61; string&#10;        password_secret_version &#61; string&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    standard &#61; optional&#40;object&#40;&#123;&#10;      immutable_tags &#61; optional&#40;bool&#41;&#10;    &#125;&#41;&#41;&#10;    virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10;      repository &#61; string&#10;      priority   &#61; number&#10;    &#125;&#41;&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  kfp &#61; optional&#40;object&#40;&#123;&#10;    standard &#61; optional&#40;bool&#41;&#10;  &#125;&#41;&#41;&#10;  generic &#61; optional&#40;object&#40;&#123;&#10;    standard &#61; optional&#40;bool&#41;&#10;  &#125;&#41;&#41;&#10;  go &#61; optional&#40;object&#40;&#123;&#10;    standard &#61; optional&#40;bool&#41;&#10;  &#125;&#41;&#41;&#10;  googet &#61; optional&#40;object&#40;&#123;&#10;    standard &#61; optional&#40;bool&#41;&#10;  &#125;&#41;&#41;&#10;  maven &#61; optional&#40;object&#40;&#123;&#10;    remote &#61; optional&#40;object&#40;&#123;&#10;      public_repository &#61; optional&#40;string&#41;&#10;      custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10;      disable_upstream_validation &#61; optional&#40;bool&#41;&#10;      upstream_credentials &#61; optional&#40;object&#40;&#123;&#10;        username                &#61; string&#10;        password_secret_version &#61; string&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    standard &#61; optional&#40;object&#40;&#123;&#10;      allow_snapshot_overwrites &#61; optional&#40;bool&#41;&#10;      version_policy            &#61; optional&#40;string&#41;&#10;    &#125;&#41;&#41;&#10;    virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10;      repository &#61; string&#10;      priority   &#61; number&#10;    &#125;&#41;&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  npm &#61; optional&#40;object&#40;&#123;&#10;    remote &#61; optional&#40;object&#40;&#123;&#10;      public_repository &#61; optional&#40;string&#41;&#10;      custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10;      disable_upstream_validation &#61; optional&#40;bool&#41;&#10;      upstream_credentials &#61; optional&#40;object&#40;&#123;&#10;        username                &#61; string&#10;        password_secret_version &#61; string&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    standard &#61; optional&#40;bool&#41;&#10;    virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10;      repository &#61; string&#10;      priority   &#61; number&#10;    &#125;&#41;&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  python &#61; optional&#40;object&#40;&#123;&#10;    remote &#61; optional&#40;object&#40;&#123;&#10;      public_repository &#61; optional&#40;string&#41;&#10;      custom_repository &#61; optional&#40;string&#41;&#10;&#10;&#10;      disable_upstream_validation &#61; optional&#40;bool&#41;&#10;      upstream_credentials &#61; optional&#40;object&#40;&#123;&#10;        username                &#61; string&#10;        password_secret_version &#61; string&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    standard &#61; optional&#40;bool&#41;&#10;    virtual &#61; optional&#40;map&#40;object&#40;&#123;&#10;      repository &#61; string&#10;      priority   &#61; number&#10;    &#125;&#41;&#41;&#41;&#10;  &#125;&#41;&#41;&#10;  yum &#61; optional&#40;object&#40;&#123;&#10;    remote &#61; optional&#40;object&#40;&#123;&#10;      public_repository &#61; string &#35; &#34;BASE path&#34;&#10;&#10;&#10;      disable_upstream_validation &#61; optional&#40;bool&#41;&#10;      upstream_credentials &#61; optional&#40;object&#40;&#123;&#10;        username                &#61; string&#10;        password_secret_version &#61; string&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;&#41;&#10;    standard &#61; optional&#40;bool&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
+| [location](variables.tf#L212) | Registry location. Use `gcloud beta artifacts locations list' to get valid values. | <code>string</code> | ✓ |  |
+| [name](variables.tf#L217) | Registry name. | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L222) | Registry project id. | <code>string</code> | ✓ |  |
 | [cleanup_policy_dry_run](variables.tf#L38) | If true, the cleanup pipeline is prevented from deleting versions in this repository. | <code>bool</code> |  | <code>null</code> |
 | [description](variables.tf#L44) | An optional description for the repository. | <code>string</code> |  | <code>&#34;Terraform-managed registry&#34;</code> |
-| [enable_vulnerability_scanning](variables.tf#L50) | Whether vulnerability scanning should be enabled in the repository. | <code>bool</code> |  | <code>true</code> |
-| [encryption_key](variables.tf#L57) | The KMS key name to use for encryption at rest. | <code>string</code> |  | <code>null</code> |
+| [enable_vulnerability_scanning](variables.tf#L50) | Whether vulnerability scanning should be enabled in the repository. | <code>bool</code> |  | <code>null</code> |
+| [encryption_key](variables.tf#L56) | The KMS key name to use for encryption at rest. | <code>string</code> |  | <code>null</code> |
 | [iam](variables-iam.tf#L36) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [iam_bindings](variables-iam.tf#L43) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | <code title="map&#40;object&#40;&#123;&#10;  members &#61; list&#40;string&#41;&#10;  role    &#61; string&#10;  condition &#61; optional&#40;object&#40;&#123;&#10;    expression  &#61; string&#10;    title       &#61; string&#10;    description &#61; optional&#40;string&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [iam_bindings_additive](variables-iam.tf#L58) | Individual additive IAM bindings. Keys are arbitrary. | <code title="map&#40;object&#40;&#123;&#10;  member &#61; string&#10;  role   &#61; string&#10;  condition &#61; optional&#40;object&#40;&#123;&#10;    expression  &#61; string&#10;    title       &#61; string&#10;    description &#61; optional&#40;string&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [iam_by_principals](variables-iam.tf#L73) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | <code>map&#40;list&#40;string&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [labels](variables.tf#L207) | Labels to be attached to the registry. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> |
+| [labels](variables.tf#L206) | Labels to be attached to the registry. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> |
 
 ## Outputs
 
diff --git a/modules/artifact-registry/main.tf b/modules/artifact-registry/main.tf
index 665b85602..aa47cbbbe 100644
--- a/modules/artifact-registry/main.tf
+++ b/modules/artifact-registry/main.tf
@@ -33,7 +33,11 @@ resource "google_artifact_registry_repository" "registry" {
   cleanup_policy_dry_run = var.cleanup_policy_dry_run
 
   vulnerability_scanning_config {
-    enablement_config = var.enable_vulnerability_scanning ? "INHERITED" : "DISABLED"
+    enablement_config = (
+      var.enable_vulnerability_scanning == true
+      ? "INHERITED"
+      : var.enable_vulnerability_scanning == false ? "DISABLED" : null
+    )
   }
 
   dynamic "cleanup_policies" {
diff --git a/modules/artifact-registry/variables.tf b/modules/artifact-registry/variables.tf
index 88c47215d..102b8374a 100644
--- a/modules/artifact-registry/variables.tf
+++ b/modules/artifact-registry/variables.tf
@@ -50,8 +50,7 @@ variable "description" {
 variable "enable_vulnerability_scanning" {
   description = "Whether vulnerability scanning should be enabled in the repository."
   type        = bool
-  default     = true
-  nullable    = false
+  default     = null
 }
 
 variable "encryption_key" {
