diff --git a/cmd/bashbrew/cmd-build.go b/cmd/bashbrew/cmd-build.go
index d0dc5adb..eabf54bf 100644
--- a/cmd/bashbrew/cmd-build.go
+++ b/cmd/bashbrew/cmd-build.go
@@ -108,7 +108,7 @@ func cmdBuild(c *cli.Context) error {
 defer archive.Close()
 if builder == "buildkit" {
- err = dockerBuildxBuild(tags, entry.ArchFile(arch), archive, platform)
+ err = dockerBuildxBuild(tags, entry.ArchFile(arch), archive, platform, entry.SbomGenerator)
 } else {
 // TODO use "meta.StageNames" to do "docker build --target" so we can tag intermediate stages too for cache (streaming "git archive" directly to "docker build" makes that a little hard to accomplish without re-streaming)
 err = dockerBuild(tags, entry.ArchFile(arch), archive, platform)
diff --git a/cmd/bashbrew/docker.go b/cmd/bashbrew/docker.go
index 8dd91552..15fd055f 100644
--- a/cmd/bashbrew/docker.go
+++ b/cmd/bashbrew/docker.go
@@ -300,7 +300,7 @@ const (
 buildxBuilderEnv = "BUILDX_BUILDER"
 )
-func dockerBuildxBuild(tags []string, file string, context io.Reader, platform string) error {
+func dockerBuildxBuild(tags []string, file string, context io.Reader, platform string, sbomGenerator string) error {
 dockerfileSyntax, ok := os.LookupEnv(dockerfileSyntaxEnv)
 if !ok {
 return fmt.Errorf("missing %q", dockerfileSyntaxEnv)
@@ -316,7 +316,10 @@ func dockerBuildxBuild(tags []string, file string, context io.Reader, platform s
 if buildxBuilder {
 args = append(args, "--provenance", "mode=max")
 }
- if sbomGenerator, ok := os.LookupEnv(sbomGeneratorEnv); ok {
+ if sbomGenerator == "" {
+ sbomGenerator, _ = os.LookupEnv(sbomGeneratorEnv)
+ }
+ if sbomGenerator != "" {
 if buildxBuilder {
 args = append(args, "--sbom", "generator="+sbomGenerator)
 } else {
diff --git a/manifest/rfc2822.go b/manifest/rfc2822.go
index c94cb992..68c444ac 100644
--- a/manifest/rfc2822.go
+++ b/manifest/rfc2822.go
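Review bot: The manifest's `SbomGenerator` is honoured only on the buildkit branch in cmd-build.go; the `else` branch still calls `dockerBuild(tags, entry.ArchFile(arch), archive, platform)` and drops the field without any signal, so an entry that asks for an SBOM but is built with the classic builder yields an image with none. Consider failing or at least warning before that call, for example `if entry.SbomGenerator != "" { return fmt.Errorf("SbomGenerator requires the buildkit builder") }`. The value is also read straight from `entry` while the Dockerfile path goes through `entry.ArchFile(arch)`; if per-architecture overrides are intended for this field, the accessor for that is not visible in this diff. cmdBuild's body starts and ends outside the hunk.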
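Review bot: At `args = append(args, "--sbom", "generator="+sbomGenerator)` in the second docker.go hunk the generator can now come from the manifest entry instead of only from the operator's environment, and a non-empty manifest value takes precedence over `sbomGeneratorEnv`. The generator names an image that BuildKit runs against the build result, so whoever can edit a manifest now chooses that image, and because the value is spliced into a comma-separated attribute string a `,` inside it would presumably be parsed as further `--sbom` attributes. If manifests are less trusted than the build host, validate the field before use, e.g. `if strings.ContainsAny(sbomGenerator, ", \t\r\n") { return fmt.Errorf("invalid SBOM generator %q", sbomGenerator) }`, and consider requiring a digest-pinned reference or an operator allow-list, or letting the environment win. A doc comment on `dockerBuildxBuild` stating the precedence between the parameter and the environment variable would also help; the function continues past the hunk and the `else` branch is not visible here.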
@@ -38,12 +38,13 @@ type Manifest2822Entry struct {
 Architectures []string `delim:"," strip:"\n\r\t "`
- GitRepo string
- GitFetch string
- GitCommit string
- Directory string
- File string
- Builder string
+ GitRepo string
+ GitFetch string
+ GitCommit string
+ Directory string
+ File string
+ Builder string
+ SbomGenerator string
 // architecture-specific versions of the above fields
 ArchValues map[string]string
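Review bot: `SbomGenerator` is added without a comment, and unlike its neighbours it does not describe the source being built: per the docker.go change in this diff it ends up in `--sbom generator=…`, i.e. it names an image that runs during the build. A field comment would make that visible to anyone reviewing manifests, e.g. `// SbomGenerator is the image reference handed to buildx as the SBOM generator; when set it overrides the environment default`. The comment just below says the fields above have architecture-specific versions in `ArchValues`; whether this field gets one, and whether the file's copy, compare and serialise helpers need to learn about it, cannot be seen from this hunk and is worth checking. The struct body continues outside the hunk.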