diff --git a/.woodpecker.yml b/.woodpecker.yml
index 9079e47..96cfb98 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -38,10 +38,12 @@ steps:
   # Etape 2b : Generation SBOM (Syft) — inventaire des composants des images Docker
   # NOTE: volumes: et from_secret incompatibles dans le meme step — pas de secrets ici
   - name: sbom-generate
-    image: anchore/syft:latest
+    image: alpine:3.20
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
     commands:
+      - apk add --no-cache curl
+      - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin latest
       - mkdir -p .reports
       - syft prestashop/prestashop:8-apache -o cyclonedx-json --file .reports/sbom-prestashop.cyclonedx.json
       - syft mariadb:10.11 -o cyclonedx-json --file .reports/sbom-mariadb.cyclonedx.json