diff --git a/apps/cnquery/cmd/scan.go b/apps/cnquery/cmd/scan.go
index 05c9204ced..4f48cd3895 100644
--- a/apps/cnquery/cmd/scan.go
+++ b/apps/cnquery/cmd/scan.go
@@ -146,8 +146,6 @@ type scanConfig struct {
 	Props          map[string]string
 	Bundle         *explorer.Bundle
 	runtime        *providers.Runtime
-	// annotations that will be applied to all discovered assets
-	annotations map[string]string
 
 	IsIncognito bool
 }
@@ -165,11 +163,6 @@ func getCobraScanConfig(cmd *cobra.Command, runtime *providers.Runtime, cliRes *
 		log.Fatal().Err(err).Msg("failed to parse props")
 	}
 
-	inv, err := inventoryloader.ParseOrUse(cliRes.Asset, viper.GetBool("insecure"))
-	if err != nil {
-		log.Fatal().Err(err).Msg("failed to parse inventory")
-	}
-
 	annotations, err := cmd.Flags().GetStringToString("annotation")
 	if err != nil {
 		log.Fatal().Err(err).Msg("failed to parse annotations")
@@ -183,6 +176,11 @@ func getCobraScanConfig(cmd *cobra.Command, runtime *providers.Runtime, cliRes *
 	for k, v := range annotations {
 		optAnnotations[k] = v
 	}
+	inv, err := inventoryloader.ParseOrUse(cliRes.Asset, viper.GetBool("insecure"), optAnnotations)
+	if err != nil {
+		log.Fatal().Err(err).Msg("failed to parse inventory")
+	}
+
 	conf := scanConfig{
 		Features:       opts.GetFeatures(),
 		IsIncognito:    viper.GetBool("incognito"),
@@ -191,7 +189,6 @@ func getCobraScanConfig(cmd *cobra.Command, runtime *providers.Runtime, cliRes *
 		QueryPackNames: viper.GetStringSlice("querypacks"),
 		Props:          props,
 		runtime:        runtime,
-		annotations:    optAnnotations,
 	}
 
 	// if users want to get more information on available output options,
@@ -310,7 +307,6 @@ func RunScan(config *scanConfig) (*explorer.ReportCollection, error) {
 				Bundle:           config.Bundle,
 				QueryPackFilters: config.QueryPackNames,
 				Props:            config.Props,
-				Annotations:      config.annotations,
 			})
 	}
 	return scanner.Run(
@@ -320,7 +316,6 @@ func RunScan(config *scanConfig) (*explorer.ReportCollection, error) {
 			Bundle:           config.Bundle,
 			QueryPackFilters: config.QueryPackNames,
 			Props:            config.Props,
-			Annotations:      config.annotations,
 		})
 }
 
diff --git a/cli/inventoryloader/inventory.go b/cli/inventoryloader/inventory.go
index 6f6ff25707..4288a108d6 100644
--- a/cli/inventoryloader/inventory.go
+++ b/cli/inventoryloader/inventory.go
@@ -136,10 +136,11 @@ func parseDomainListInventory(data []byte) (*inventory.Inventory, error) {
 
 // ParseOrUse tries to load the inventory and if nothing exists it
 // will instead use the provided asset.
-func ParseOrUse(cliAsset *inventory.Asset, insecure bool) (*inventory.Inventory, error) {
+func ParseOrUse(cliAsset *inventory.Asset, insecure bool, annotations map[string]string) (*inventory.Inventory, error) {
 	var v1inventory *inventory.Inventory
 	var err error
 
+	cliAsset.AddAnnotations(annotations)
 	// parses optional inventory file if inventory was not piped already
 	v1inventory, err = Parse()
 	if err != nil {
diff --git a/explorer/scan/cnquery_explorer_scan.pb.go b/explorer/scan/cnquery_explorer_scan.pb.go
index 1160c57803..bc17ba19f2 100644
--- a/explorer/scan/cnquery_explorer_scan.pb.go
+++ b/explorer/scan/cnquery_explorer_scan.pb.go
@@ -35,8 +35,6 @@ type Job struct {
 	DoRecord         bool                 `protobuf:"varint,20,opt,name=do_record,json=doRecord,proto3" json:"do_record,omitempty"`
 	QueryPackFilters []string             `protobuf:"bytes,21,rep,name=query_pack_filters,json=queryPackFilters,proto3" json:"query_pack_filters,omitempty"`
 	Props            map[string]string    `protobuf:"bytes,22,rep,name=props,proto3" json:"props,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	// annotations that will be applied to all assets in the job
-	Annotations map[string]string `protobuf:"bytes,23,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 }
 
 func (x *Job) Reset() {
@@ -106,13 +104,6 @@ func (x *Job) GetProps() map[string]string {
 	return nil
 }
 
-func (x *Job) GetAnnotations() map[string]string {
-	if x != nil {
-		return x.Annotations
-	}
-	return nil
-}
-
 var File_cnquery_explorer_scan_proto protoreflect.FileDescriptor
 
 var file_cnquery_explorer_scan_proto_rawDesc = []byte{
@@ -124,7 +115,7 @@ var file_cnquery_explorer_scan_proto_rawDesc = []byte{
 	0x2f, 0x69, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
 	0x1a, 0x1f, 0x65, 0x78, 0x70, 0x6c, 0x6f, 0x72, 0x65, 0x72, 0x2f, 0x63, 0x6e, 0x71, 0x75, 0x65,
 	0x72, 0x79, 0x5f, 0x65, 0x78, 0x70, 0x6c, 0x6f, 0x72, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x22, 0xc7, 0x03, 0x0a, 0x03, 0x4a, 0x6f, 0x62, 0x12, 0x3d, 0x0a, 0x09, 0x69, 0x6e, 0x76,
+	0x6f, 0x22, 0xb8, 0x02, 0x0a, 0x03, 0x4a, 0x6f, 0x62, 0x12, 0x3d, 0x0a, 0x09, 0x69, 0x6e, 0x76,
 	0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x63,
 	0x6e, 0x71, 0x75, 0x65, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73,
 	0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x52, 0x09, 0x69,
@@ -140,22 +131,13 @@ var file_cnquery_explorer_scan_proto_rawDesc = []byte{
 	0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x63, 0x6e, 0x71, 0x75, 0x65, 0x72, 0x79, 0x2e, 0x65,
 	0x78, 0x70, 0x6c, 0x6f, 0x72, 0x65, 0x72, 0x2e, 0x73, 0x63, 0x61, 0x6e, 0x2e, 0x4a, 0x6f, 0x62,
 	0x2e, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x70, 0x72, 0x6f,
-	0x70, 0x73, 0x12, 0x4d, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x18, 0x17, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x63, 0x6e, 0x71, 0x75, 0x65, 0x72,
-	0x79, 0x2e, 0x65, 0x78, 0x70, 0x6c, 0x6f, 0x72, 0x65, 0x72, 0x2e, 0x73, 0x63, 0x61, 0x6e, 0x2e,
-	0x4a, 0x6f, 0x62, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45,
-	0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x1a, 0x38, 0x0a, 0x0a, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
-	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
-	0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3e, 0x0a, 0x10, 0x41,
-	0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
-	0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65,
-	0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x28, 0x5a, 0x26, 0x67,
-	0x6f, 0x2e, 0x6d, 0x6f, 0x6e, 0x64, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6e, 0x71,
-	0x75, 0x65, 0x72, 0x79, 0x2f, 0x76, 0x39, 0x2f, 0x65, 0x78, 0x70, 0x6c, 0x6f, 0x72, 0x65, 0x72,
-	0x2f, 0x73, 0x63, 0x61, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x70, 0x73, 0x1a, 0x38, 0x0a, 0x0a, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79,
+	0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b,
+	0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x28, 0x5a, 0x26,
+	0x67, 0x6f, 0x2e, 0x6d, 0x6f, 0x6e, 0x64, 0x6f, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6e,
+	0x71, 0x75, 0x65, 0x72, 0x79, 0x2f, 0x76, 0x39, 0x2f, 0x65, 0x78, 0x70, 0x6c, 0x6f, 0x72, 0x65,
+	0x72, 0x2f, 0x73, 0x63, 0x61, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -170,24 +152,22 @@ func file_cnquery_explorer_scan_proto_rawDescGZIP() []byte {
 	return file_cnquery_explorer_scan_proto_rawDescData
 }
 
-var file_cnquery_explorer_scan_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
+var file_cnquery_explorer_scan_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
 var file_cnquery_explorer_scan_proto_goTypes = []interface{}{
 	(*Job)(nil),                 // 0: cnquery.explorer.scan.Job
 	nil,                         // 1: cnquery.explorer.scan.Job.PropsEntry
-	nil,                         // 2: cnquery.explorer.scan.Job.AnnotationsEntry
-	(*inventory.Inventory)(nil), // 3: cnquery.providers.v1.Inventory
-	(*explorer.Bundle)(nil),     // 4: cnquery.explorer.Bundle
+	(*inventory.Inventory)(nil), // 2: cnquery.providers.v1.Inventory
+	(*explorer.Bundle)(nil),     // 3: cnquery.explorer.Bundle
 }
 var file_cnquery_explorer_scan_proto_depIdxs = []int32{
-	3, // 0: cnquery.explorer.scan.Job.inventory:type_name -> cnquery.providers.v1.Inventory
-	4, // 1: cnquery.explorer.scan.Job.bundle:type_name -> cnquery.explorer.Bundle
+	2, // 0: cnquery.explorer.scan.Job.inventory:type_name -> cnquery.providers.v1.Inventory
+	3, // 1: cnquery.explorer.scan.Job.bundle:type_name -> cnquery.explorer.Bundle
 	1, // 2: cnquery.explorer.scan.Job.props:type_name -> cnquery.explorer.scan.Job.PropsEntry
-	2, // 3: cnquery.explorer.scan.Job.annotations:type_name -> cnquery.explorer.scan.Job.AnnotationsEntry
-	4, // [4:4] is the sub-list for method output_type
-	4, // [4:4] is the sub-list for method input_type
-	4, // [4:4] is the sub-list for extension type_name
-	4, // [4:4] is the sub-list for extension extendee
-	0, // [0:4] is the sub-list for field type_name
+	3, // [3:3] is the sub-list for method output_type
+	3, // [3:3] is the sub-list for method input_type
+	3, // [3:3] is the sub-list for extension type_name
+	3, // [3:3] is the sub-list for extension extendee
+	0, // [0:3] is the sub-list for field type_name
 }
 
 func init() { file_cnquery_explorer_scan_proto_init() }
@@ -215,7 +195,7 @@ func file_cnquery_explorer_scan_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_cnquery_explorer_scan_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   3,
+			NumMessages:   2,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/explorer/scan/cnquery_explorer_scan.proto b/explorer/scan/cnquery_explorer_scan.proto
index c266a3b53e..0a7f626a2d 100644
--- a/explorer/scan/cnquery_explorer_scan.proto
+++ b/explorer/scan/cnquery_explorer_scan.proto
@@ -16,7 +16,5 @@ message Job {
   bool do_record = 20;
   repeated string query_pack_filters = 21;
   map<string,string> props = 22;
-  // annotations that will be applied to all assets in the job
-  map<string,string> annotations = 23;
 }
 
diff --git a/explorer/scan/local_scanner.go b/explorer/scan/local_scanner.go
index 4073a345c1..e6f731eec5 100644
--- a/explorer/scan/local_scanner.go
+++ b/explorer/scan/local_scanner.go
@@ -210,9 +210,10 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up
 			continue
 		}
 
-		// for all discovered assets, we apply mondoo-specific labels that come from the root asset
+		// for all discovered assets, we apply mondoo-specific labels and annotations that come from the root asset
 		for _, a := range runtime.Provider.Connection.GetInventory().GetSpec().GetAssets() {
 			a.AddMondooLabels(asset)
+			a.AddAnnotations(asset.GetAnnotations())
 		}
 		processedAssets, err := providers.ProcessAssetCandidates(runtime, runtime.Provider.Connection, upstream, "")
 		if err != nil {
@@ -273,7 +274,6 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up
 
 	justAssets := []*inventory.Asset{}
 	for _, asset := range assets {
-		asset.asset.AddAnnotations(job.GetAnnotations())
 		asset.asset.KindString = asset.asset.GetPlatform().Kind
 		justAssets = append(justAssets, asset.asset)
 	}