diff --git a/.test/meta-commands/out.sh b/.test/meta-commands/out.sh
index eeb1980..44c0218 100644
--- a/.test/meta-commands/out.sh
+++ b/.test/meta-commands/out.sh
@@ -144,7 +144,7 @@ SOURCE_DATE_EPOCH=1709081058 \
 	--load=false \
 	--provenance=false \
 	--build-arg BUILDKIT_DOCKERFILE_CHECK=skip=all \
-	--sbom=generator="$BASHBREW_BUILDKIT_SBOM_GENERATOR" \
+	--sbom="generator=$BASHBREW_BUILDKIT_SBOM_GENERATOR","EXTRA_SCANNERS=$BASHBREW_BUILDKIT_EXTRA_SCANNERS" \
 	--output 'type=oci,tar=false,dest=sbom' \
 	--platform 'linux/amd64' \
 	--build-context "fake=oci-layout://$PWD/temp@$originalImageManifest" \
diff --git a/meta.jq b/meta.jq
index 6a3207b..91d9e82 100644
--- a/meta.jq
+++ b/meta.jq
@@ -143,7 +143,7 @@ def build_command:
 					"docker buildx build --progress=plain",
 					"--provenance=mode=max",
 					if build_should_sbom then
-						"--sbom=generator=\"$BASHBREW_BUILDKIT_SBOM_GENERATOR\""
+						"--sbom=\"generator=$BASHBREW_BUILDKIT_SBOM_GENERATOR\",\"EXTRA_SCANNERS=$BASHBREW_BUILDKIT_EXTRA_SCANNERS"
 					else empty end,
 					"--output " + (
 						[
@@ -328,7 +328,7 @@ def build_command:
 						"docker buildx build --progress=plain",
 						"--load=false", "--provenance=false", # explicitly disable a few features we want to avoid
 						"--build-arg BUILDKIT_DOCKERFILE_CHECK=skip=all", # disable linting (https://github.com/moby/buildkit/pull/4962)
-						"--sbom=generator=\"$BASHBREW_BUILDKIT_SBOM_GENERATOR\"",
+						"--sbom=\"generator=$BASHBREW_BUILDKIT_SBOM_GENERATOR\",\"EXTRA_SCANNERS=$BASHBREW_BUILDKIT_EXTRA_SCANNERS",
 						"--output 'type=oci,tar=false,dest=sbom'",
 						# TODO also add appropriate "--tag" lines (which would give us a mostly correct "subject" block in the generated SBOM, but we'd then need to replace instances of ${sbomImageManifest#*:} with ${originalImageManifest#*:} for their values to be correct)
 						@sh "--platform \(.source.arches[.build.arch].platformString)",