mulesoft · JennyHajee · Jan 9, 2026 · Jan 13, 2026 · Jan 13, 2026 · Jan 13, 2026
@@ -54,6 +54,11 @@
   ** xref:apicat-create-descriptor-file-manually.adoc[]
   ** xref:apicat-publish-using-api-catalog-cli.adoc[]
 * xref:about-administration-tasks.adoc[]
+** xref:discovering-and-importing-external-agents.adoc[]
+*** xref:adding-amazon-bedrock-scanner.adoc[]
+*** xref:adding-google-vertex-scanner.adoc[]
+*** xref:adding-microsoft-copilot-scanner.adoc[]
+*** xref:managing-scanners.adoc[]
 ** xref:importing-agentforce-agents.adoc[]
 ** xref:to-share-an-asset.adoc[]
  ** xref:managing-asset-deletion.adoc[]

@@ -0,0 +1,80 @@
+= Adding a Scanner for Amazon Bedrock
+ifndef::env-site,env-github[]
+include::_attributes.adoc[]
+endif::[]
+
+Add a scanner to discover, import, and sync agents from Amazon Bedrock into Exchange. Then you can govern the agents and consume them in other applications.
+
+== Before You Begin
+Before adding the scanner, verify that you have the permission, context, and these Amazon Bedrock credentials:
+
+* Exchange Administrator permission 
+* Knowledge about the Amazon Web Services region where the agents are deployed.
+* Amazon Bedrock access key ID
+* Amazon Bedrock secret access key
++
+You enter your Amazon Bedrock credentials when configuring the scanner in Exchange. For more information, see the Amazon Bedrock documentation.
+
+To create the inline policy, use this policy:
+
+[source,json]
+----
+{
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Sid": "BedrockAgentDiscoveryPermissions",
+			"Effect": "Allow",
+			"Action": [
+				"bedrock:ListAgents",
+				"bedrock:GetAgent",
+				"bedrock:ListAgentAliases",
+				"bedrock:GetAgentAlias",
+				"bedrock:ListAgentVersions",
+				"bedrock:GetAgentVersion",
+				"bedrock:InvokeModel",
+				"bedrock:InvokeAgent",
+				"bedrock:InvokeInlineAgent"
+			],
+			"Resource": "*"
+		}
+	]
+}
+----
+
+* To ensure the scanner discovers the agent, assign an alias and link it to a version. The scanner ignores agents without an invocable URL.
+
+== Add a Scanner for Amazon Bedrock 
+
+. Verify that you are in the business group where you want to add the scanner.
+. From the sidebar in Exchange, click *Agent Scanners*.
+. Enter a name for the scanner.
+. From *Scheduled Run Configuration*, complete these fields or options:
++
+[%header,cols="1,4"]
+|===
+|*Field/Option* |*Value*
+|*Run Schedule* |Select a frequency and time in UTC.
+|*Sync Review* |Select Auto-resolve.
+|===
+
+. From *Connection Configuration*, complete these fields:
++
+[%header,cols="1,4"]
+|===
+|*Field* |*Value*
+|*Agent Provider* |Select *Amazon Bedrock*.
+|*Authentication Method* |Select *Access key*.
+|*Access Key ID* |Enter the access key ID.
+|*Secret Access Key* |Enter the secret access key.
+|*AWS Region* |Select a region.
+|===
+
+. Click *Test Connection*.
++
+If the connection fails, review the *Connection Configuration* settings. Update the settings, and then test the connection again.
+. To send email notifications:
++
+.. Select *Advanced Settings* and turn on *Send Email Notifications*.
+.. Enter an email address.
+. Click *Add Scanner*.
@@ -0,0 +1,51 @@
+= Adding a Scanner for Google Vertex AI
+ifndef::env-site,env-github[]
+include::_attributes.adoc[]
+endif::[]
+
+Add a scanner to discover, import, and sync agents from Google Vertex AI into Exchange. Then you can govern the agents and consume them in other applications.  
+
+== Before You Begin
+Before adding the scanner, verify that you have the permission and these Google Vertex AI credentials:
+
+* Exchange Administrator permission 
+* Google Vertex AI project ID
+* Google Vertex AI secret access key
++
+You enter these Google Vertex AI credentials when configuring the scanner in Exchange. For more information about creating a service account key, see Google Vertex AI documentation.
+
+== Add a Scanner for Google Vertex AI
+
+. Verify that you are in the business group where you want to add the scanner.
+. From the sidebar in Exchange, click *Agent Scanners*.
+. Enter a name for the scanner.
+. From *Scheduled Run Configuration*, complete these fields or options:
++
+[%header,cols="1,4"]
+|===
+|*Field/Option* |*Value*
+|*Run Schedule* |Select a frequency and time in UTC.
+|*Sync Review* |Select Auto-resolve.
+|===
+
+. From *Connection Configuration*, complete these fields:
++
+[%header,cols="1,4"]
+|===
+|*Field* |*Value*
+|*Agent Provider* |Select *Google Vertex AI*.
+|*Authentication Method* |Select *Service Account*.
+|*Account Email* |Enter the email address.
+|*Project ID* |Enter the project ID.
+|*Secret Access Key* |Enter the access key.
+|*Location* |Select a location.
+|===
+
+. Click *Test Connection*.
++
+If the connection fails, review the *Connection Configuration* settings. Update the settings, and then test the connection again.
+. To send email notifications:
++
+.. Select *Advanced Settings* and turn on *Send Email Notifications*.
+.. Enter an email address.
+. Click *Add Scanner*.
@@ -0,0 +1,51 @@
+= Adding a Scanner for Microsoft Azure Copilot
+ifndef::env-site,env-github[]
+include::_attributes.adoc[]
+endif::[]
+
+Add a scanner to discover, import, and sync agents from Microsoft Azure Copilot into Exchange. Then you can govern the agents and consume them in other applications.
+
+== Before You Begin
+Before adding this scanner, verify that you have the permission and these Microsoft Azure Copilot credentials:
+
+* Exchange Administrator permission 
+* Microsoft Azure Copilot tenant ID
+* Microsoft Azure Copilot client ID 
+* Microsoft Azure Copilot client secret 
++
+You enter the Microsoft Azure Copilot credentials when configuring the scanner in Exchange. For more information, see the Microsoft Azure Copilot documentation.
+
+== Add a Scanner for Microsoft Azure Copilot
+
+. Verify that you are in the business group where you want to add the scanner.
+. From the sidebar in Exchange, click *Agent Scanners*.
+. Enter a name for the scanner.
+. From *Scheduled Run Configuration*, complete these fields or options:
++
+[%header,cols="1,4"]
+|===
+|*Field/Option* |*Value*
+|*Run Schedule* |Select a frequency and time in UTC.
+|*Sync Review* |Select *Auto-resolve*.
+|===
+. From *Connection Configuration*, complete these fields:
++
+[%header,cols="1,4"]
+|===
+|*Field* |*Value*
+|*Agent Provider* |Select *Microsoft Azure Copilot*.
+|*Authentication Method* |Select an option.
+|*Tenant ID* |Enter the tenant ID.
+|*Client ID* |Enter the client ID.
+|*Client Secret* |Enter the client secret.
+|*Scope* |Enter the URL.
+|===
+
+. Click *Test Connection*.
++
+If the connection fails, review the *Connection Configuration* settings. Update the settings, and then test the connection again.
+. To send email notifications:
++
+.. Select *Advanced Settings* and turn on *Send Email Notifications*.
+.. Enter an email address.
+. Click *Add Scanner*.
@@ -0,0 +1,43 @@
+= Discovering and Importing External Agents With Scanners
+ifndef::env-site,env-github[]
+include::_attributes.adoc[]
+endif::[]
+
+Use agent scanners to automatically discover and import agents from outside Anypoint Platform. Scanners inspect agent ecosystems on diverse platforms to provide enterprise-grade governance and visibility through MuleSoft Agent Fabric. They extract metadata from agents and tools and synchronize the information with the Agent Fabric registry in Anypoint Exchange.
+
+Create a scanner to connect to external provider platforms and transform native metadata into the canonical Agent-to-Agent (A2A) format. The system detects updates and resolves conflicts to maintain a single source of truth. This secure, metadata-first integration operates as a read-only mechanism to avoid complexity and permission challenges in external systems.
+
+Add and configure a scanner to discover and import agents. Schedule scans to run at specific intervals and configure the connection and email notifications. After a scan is complete, view a summary of added agents and the scan history.
+
+Scanners add supported agents to *Agents & Tools* as agent asset types. They detect new and missing agents and identify metadata updates. Subsequent scans overwrite metadata changes and restore agents deleted from Exchange. To retain changes, update the asset in the agent provider‘s source.
+
+After you add a scanner to a business group, you can't move the scanner or its assets to another group. View a list of scanners on the *Agent Scanners* page. The list displays information about the scanner status, name, agent provider, the last run status, the next run, and the added agents.
+
+image:agent-scanner-list.png["Agent Scanners page showing a list of scanners"]
+
+Agent scanners support these providers:
+
+* Amazon Bedrock 
+* Google Vertex AI
+* Microsoft Copilot Studio
+
+== Security and Data Retention
+
+Agent scanners register agent assets as read-only because the data originated from the agent provider’s platform. Sensitive information, such as API keys and tokens, are securely stored in Anypoint Security secrets manager. To maintain compliance, create credentials with limited permissions. Scanners don't write data to your source system, but read-only access ensures the highest security.
+
+The system retains scan logs and statuses for at least 90 days and never deletes the most recent successful run. 
+
+Scanners enforce these limits:
+
+* Frequency: Once daily
+* Retrieval: 1,200 agents per runtime limit
+* Runtime: 6 hours
++
+If a scan exceeds the runtime limit, the scanner saves the progress and continues the scan the next time it runs.
+
+== Before You Begin Adding a Scanner
+
+Make sure you have the permissions and access:
+
+* Exchange Administrator permission 
+* Verify that you are in the business group where you want to add the scanner.
@@ -5,7 +5,7 @@ endif::[]
 :imagesdir: ../assets/images/
 :page-aliases: general::getting-started:anypoint-exchange.adoc, ex-ref-raml.adoc, about-exchange1.adoc, exchange1.adoc, exchange1-faq.adoc
 
-Anypoint Exchange is a curated catalog of reusable assets. Agents, APIs, API groups, API spec fragments, custom assets, examples, GraphQL APIs, large language models (LLMs), Model Control Protocol (MCP) servers, integration assets such as connectors, policies, RPA assets, rulesets, and templates are some of the types that are supported in Exchange. See xref:asset-types.adoc[Asset Types] for more information about each type of asset. You can catalog (publish), share, discover, learn about, and reuse assets within your organization of developers to facilitate collaboration, boost productivity, and promote standards.
+Anypoint Exchange is a curated catalog of reusable assets. See xref:asset-types.adoc[Asset Types] for more information about each type of asset that's supported. You can catalog (publish), share, discover, learn about, and reuse assets within your organization of developers to facilitate collaboration, boost productivity, and promote standards.
 
 image:exchange-landing-page.png["Exchange catalog showing assets provided by MuleSoft"]
 
@@ -51,7 +51,6 @@ Watch the Anypoint Exchange Product Spotlight video to see a quick overview of E
 include::_partials/exchange-spotlight-video.html[]
 ++++
 
-
 == View Assets by Business Group
 
 A system administrator groups individuals within an organization into business groups. Each group has its own Exchange assets. 
@@ -96,12 +95,15 @@ All features of Anypoint Exchange are supported on Japan and Canada control plan
 +
 To download files from Japan or Canada control planes, use these URLs:
 
-** Canada S3 Bucket URL: https://exchange-asset-manager-d1937357035a847d2ec3.s3.ca-central-1.amazonaws.com
-** Japan S3 Bucket URL: https://exchange-asset-manager-bf62561aafed7e20740f.s3.ap-northeast-1.amazonaws.com
+** Canada S3 Bucket URL: +https://exchange-asset-manager-d1937357035a847d2ec3.s3.ca-central-1.amazonaws.com+
+** Japan S3 Bucket URL: +https://exchange-asset-manager-bf62561aafed7e20740f.s3.ap-northeast-1.amazonaws.com+
 
 
 == See Also
 
+* xref:discovering-and-importing-external-agents.adoc[Discovering and Importing External Agents With Scanners]
+* xref:agent-fabric::index.adoc[Agent Fabric]
+* xref:anypoint-code-builder::af-agent-networks.adoc[Agent Network Projects]
 * xref:release-notes::exchange/anypoint-exchange-release-notes.adoc[Anypoint Exchange Release Notes]
 * https://forums.mulesoft.com[MuleSoft Forum]
 * https://help.mulesoft.com[MuleSoft Help Center]
@@ -0,0 +1,109 @@
+= Managing Scanners In Exchange
+ifndef::env-site,env-github[]
+include::_attributes.adoc[]
+endif::[]
+
+To view and manage your agent scanners, click *Agent Scanners* in the sidebar of Exchange.
+
+You can perform these actions to manage scanners:
+
+* xref:managing-scanners.adoc#run-a-scanner[Run a scanner]
+* xref:managing-scanners.adoc#view-scanner-details[View scanner details]
+* xref:managing-scanners.adoc#abort-scans[Abort a scan]
+* xref:managing-scanners.adoc#delete-a-scanner[Delete a scanner]
+* xref:managing-scanners.adoc#edit-scanner-configuration[Edit a scanner configuration]
+* xref:managing-scanners.adoc#view-audit-logs[View audit logs]
+
+[[run-a-scanner]]
+== Run a Scanner
+Run the scanner manually to capture new agents and add them to Exchange. 
+Scanners run once daily and retrieve up to 1,200 agents per scan, with a maximum runtime of 6 hours. Exchange retains scan logs and statuses for at least 90 days and never deletes the most recent run. Run one scan at a time for each agent provider.
+
+. From the sidebar in Exchange, click *Agent Scanners*.
+. Find the scanner in the list, click the more options icon (image:more-options-icon.png[2%,2%]) and then select *Run Now*.
++
+The scan waits in the queue until the current scan finishes.
+
+[[view-scanner-details]]
+== View Scanner Details
+View a list of scanners and the details about their scans. The *Agent Scanners* page lists the scanners added for the business group. The scanner details show information about the scanner, connection, last completed run, and scan history.
+
+Scanner statuses are:
+
+* Scheduled
+* Paused
+* Queued
+* Running
+* Importing
+* Stopped
+
+To see more information about a scanner and its scan details, from the sidebar in Exchange, click *Agent Scanners* and click the name of a scanner from the list.
+
+Here's an example details page:
+
+image:scanner-details.png["Agent Scanner details page showing a list of scanners"]
+
+The *Actions* menu on the scanner details page includes these options, depending on the scanner status:
+
+[%header,cols="1,4"]
+|===
+|*Scanner Status* |*Actions Menu Options*
+|Scheduled or Paused |Run Now
+|Edit Scanner
+|Delete Scanner
+|Queued, Running, or Importing |Abort Scan
+|Stopped |Edit Scanner
+|Delete Scanner
+|===
+
+[[abort-scans]]
+== Abort Scans
+Abort scans for a scanner when its status is queued, running, or importing. When the scan is aborted, the status is updated to stopped.
+
+* To abort a scan from the *Agent Scanners* page:
++
+. From the sidebar in Exchange, click *Agent Scanners*.
+. Find the scanner in the list, click the more options icon (image:more-options-icon.png[2%,2%]) and then select *Abort Scan*.
+
+* To abort a scan from the scanner details page, click *Actions* and then select *Abort Scan*. 
+
+[[delete-a-scanner]]
+== Delete a Scanner
+Delete an unused scanner when its status is scheduled, paused or stopped. Choose whether to keep or delete the agents associated with the scanner. Imported assets remain in Exchange if instances exist in API Manager.
+
+. From the sidebar in Exchange, click *Agent Scanners*.
+. Find the scanner in the list, click the more options icon (image:more-options-icon.png[2%,2%]) and then select *Delete Scanner*.
+. Choose whether to keep or delete imported agents and click *Delete*.
+
+[[edit-scanner-configuration]]
+== Edit Scanner Configuration
+Edit settings for a scanner with a status of scheduled, paused, or stopped, and turn scheduled scans on or off.
+
+* To edit a scanner from the *Agent Scanners* page:
++
+. From the sidebar in Exchange, click *Agent Scanners*.
+. Find the scanner in the list, click the more options icon (image:more-options-icon.png[2%,2%]) and then select *Edit Scanner*.
+. Make your changes, and click *Update*.
+
+* To edit a scanner from the scanner details page:
++
+. Click *Actions* and then select *Edit Scanner*.
+. Make your changes, and click *Update*.
+
+[[view-audit-logs]]
+== View Audit Logs
+View audit logs for scanners. In the audit log, view scan details, such as agents that were imported, updated, removed, and already in Exchange, and unsuccessful scans. The available tabs depend on the scan results.
+
+Here's an example audit log:
+
+image:scanner-audit-log.png["Audit log showing details of a scan event"]
+
+. From the sidebar in Exchange, click *Agent Scanners*.
+. Select the scanner from the list.
+. Select an event from *Scan History*. 
+. To view imported agents, click the *Imported* tab.
+. To view updated agents with newer versions available, click the *Updated* tab.
+. To view agents removed from Exchange because they’re missing from the provider, click the *Removed* tab.
+. To view agents that are found in the agent provider’s system and already in Exchange, click the *Already in Exchange* tab.
+. To view unsuccessful scans, click the *Unsuccessful* tab.
+
@@ -92,4 +92,4 @@ The public portal customization for the organization's branding applies to the l
 
 * xref:portal-vanity-domain.adoc[Public Portal Vanity Domain]
 * xref:to-describe-an-asset.adoc[Describe an Asset]
-* https://stackoverflow.com/questions/4014823/does-a-favicon-have-to-be-32x32-or-16x16[Stack Overflow Favicon discussion]
+* +https://stackoverflow.com/questions/4014823/does-a-favicon-have-to-be-32x32-or-16x16+[Stack Overflow Favicon discussion]