diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index d9f4d1307eea53caf2e637c3b6e324795c52fa3e..85daa427c953266b271f47fa6decf8c6f81592e7 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -751,7 +751,7 @@ docker-trivy:
     trivy image --clear-cache
     export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}}
     export TRIVY_PASSWORD=${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}}
-    export basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
+    basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
     mkdir -p ./reports
     if [[ -z "${DOCKER_TRIVY_ADDR}" ]]; then
       log_warn "\\e[93mYou are using Trivy in standalone mode. To get faster scans, consider setting the DOCKER_TRIVY_ADDR variable to the address of a Trivy server. More info here: https://aquasecurity.github.io/trivy/latest/docs/references/modes/client-server/\\e[0m"
@@ -796,9 +796,9 @@ docker-sbom:
   dependencies: []
   script:
     - mkdir -p -m 777 reports
-    - dockerfile_hash=$(md5sum "$DOCKER_FILE" | cut -d" " -f1)
-    - /syft packages ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${dockerfile_hash}.cyclonedx.json
-    - chmod a+r reports/docker-sbom-${dockerfile_hash}.cyclonedx.json
+    - basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
+    - /syft packages ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json
+    - chmod a+r reports/docker-sbom-${basename}.cyclonedx.json
   artifacts:
     name: "SBOM for docker from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
     expire_in: 1 week