diff --git a/.woodpecker.yml b/.woodpecker.yml
index 5675906..832c367 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -48,10 +48,14 @@ steps:
 # Utilise l'image officielle anchore/syft pour eviter le bug d'auto-detection
 # de container (signal Go imprime en adresse memoire sur alpine + curl install)
 - name: sbom-generate
- image: anchore/syft:v1.42.3
+ image: alpine:3.20
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
+ environment:
+ SYFT_VERSION: "1.42.3"
 commands:
+ - apk add --no-cache curl tar
+ - curl -sSfL "https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_linux_amd64.tar.gz" | tar xz -C /usr/local/bin syft
 - mkdir -p .reports
 - syft packages docker:g1flux:latest -o cyclonedx-json=.reports/sbom-app.cyclonedx.json
 - echo "SBOM genere"
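Review bot: The added `curl … | tar xz` command installs the syft binary with no integrity check, in a step that also mounts `/var/run/docker.sock`, so a tampered or substituted release archive would run with control of the host Docker daemon. Download to a file, compare it with a SHA-256 pinned in the pipeline, and only then extract, as sketched below; pinning `alpine:3.20` by digest would close the same gap for the base image. The two comment lines above the step still say the official anchore/syft image is used to avoid a bug seen with alpine + curl install, which now contradicts the step, so they should be updated with the reason for the switch. Woodpecker pre-processes `${…}` expressions in the pipeline file, so it is worth confirming that `${SYFT_VERSION}` reaches the shell intact (the documented escape is `$${SYFT_VERSION}`). The step may continue past the end of the hunk.

```yaml
    environment:
      SYFT_VERSION: "1.42.3"
      # SHA-256 of the linux_amd64 archive for this version, taken from a trusted copy
      # of the release checksums (placeholder value, fill in before merging)
      SYFT_SHA256: "<EXPECTED_SHA256_OF_SYFT_ARCHIVE>"
    commands:
      - apk add --no-cache curl tar
      - curl -sSfL -o /tmp/syft.tar.gz "https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_linux_amd64.tar.gz"
      # Fail the step before extraction if the archive does not match the pinned digest
      - echo "${SYFT_SHA256}  /tmp/syft.tar.gz" | sha256sum -c -
      - tar xzf /tmp/syft.tar.gz -C /usr/local/bin syft
      # … unchanged: mkdir -p .reports, syft packages, echo …
```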