diff --git a/docs/docs/references/configuration/cli/trivy_sbom.md b/docs/docs/references/configuration/cli/trivy_sbom.md
index d02310513c4a..eceae83bc7ff 100644
--- a/docs/docs/references/configuration/cli/trivy_sbom.md
+++ b/docs/docs/references/configuration/cli/trivy_sbom.md
@@ -20,47 +20,47 @@ trivy sbom [flags] SBOM_PATH
 ### Options
 
 ```
-      --cache-backend string        cache backend (e.g. redis://localhost:6379) (default "fs")
-      --cache-ttl duration          cache TTL when using redis as cache backend
-      --clear-cache                 clear image caches without scanning
-      --compliance string           compliance report to generate
-      --custom-headers strings      custom headers in client mode
-      --db-repository string        OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
-      --download-db-only            download/update vulnerability database but don't run a scan
-      --download-java-db-only       download/update Java index database but don't run a scan
-      --exit-code int               specify exit code when any security issues are found
-      --exit-on-eol int             exit with the specified code when the OS reaches end of service/life
-      --file-patterns strings       specify config file patterns
-  -f, --format string               format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
-  -h, --help                        help for sbom
-      --ignore-policy string        specify the Rego file path to evaluate each vulnerability
-      --ignore-unfixed              display only fixed vulnerabilities
-      --ignorefile string           specify .trivyignore file (default ".trivyignore")
-      --java-db-repository string   OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
+      --cache-backend string          cache backend (e.g. redis://localhost:6379) (default "fs")
+      --cache-ttl duration            cache TTL when using redis as cache backend
+      --clear-cache                   clear image caches without scanning
+      --compliance string             compliance report to generate
+      --custom-headers strings        custom headers in client mode
+      --db-repository string          OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
+      --download-db-only              download/update vulnerability database but don't run a scan
+      --download-java-db-only         download/update Java index database but don't run a scan
+      --exit-code int                 specify exit code when any security issues are found
+      --exit-on-eol int               exit with the specified code when the OS reaches end of service/life
+      --file-patterns strings         specify config file patterns
+  -f, --format string                 format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
+  -h, --help                          help for sbom
+      --ignore-policy string          specify the Rego file path to evaluate each vulnerability
+      --ignore-unfixed                display only fixed vulnerabilities
+      --ignorefile string             specify .trivyignore file (default ".trivyignore")
+      --java-db-repository string     OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
       --keep-system-installed-files   keep system installed files in analysis result output
-      --list-all-pkgs               enabling the option will output all packages regardless of vulnerability
-      --no-progress                 suppress progress bar
-      --offline-scan                do not issue API requests to identify dependencies
-  -o, --output string               output file name
-      --redis-ca string             redis ca file location, if using redis as cache backend
-      --redis-cert string           redis certificate file location, if using redis as cache backend
-      --redis-key string            redis key file location, if using redis as cache backend
-      --redis-tls                   enable redis TLS with public certificates, if using redis as cache backend
-      --rekor-url string            [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
-      --reset                       remove all caches and database
-      --sbom-sources strings        [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
-      --server string               server address in client mode
-  -s, --severity string             severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
-      --skip-db-update              skip updating vulnerability database
-      --skip-dirs strings           specify the directories where the traversal is skipped
-      --skip-files strings          specify the file paths to skip traversal
-      --skip-java-db-update         skip updating Java index database
-      --slow                        scan over time with lower CPU and memory utilization
-  -t, --template string             output template
-      --token string                for authentication in client/server mode
-      --token-header string         specify a header name for token in client/server mode (default "Trivy-Token")
-      --vex string                  [EXPERIMENTAL] file path to VEX
-      --vuln-type strings           comma-separated list of vulnerability types (os,library) (default [os,library])
+      --list-all-pkgs                 enabling the option will output all packages regardless of vulnerability
+      --no-progress                   suppress progress bar
+      --offline-scan                  do not issue API requests to identify dependencies
+  -o, --output string                 output file name
+      --redis-ca string               redis ca file location, if using redis as cache backend
+      --redis-cert string             redis certificate file location, if using redis as cache backend
+      --redis-key string              redis key file location, if using redis as cache backend
+      --redis-tls                     enable redis TLS with public certificates, if using redis as cache backend
+      --rekor-url string              [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
+      --reset                         remove all caches and database
+      --sbom-sources strings          [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
+      --server string                 server address in client mode
+  -s, --severity string               severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
+      --skip-db-update                skip updating vulnerability database
+      --skip-dirs strings             specify the directories where the traversal is skipped
+      --skip-files strings            specify the file paths to skip traversal
+      --skip-java-db-update           skip updating Java index database
+      --slow                          scan over time with lower CPU and memory utilization
+  -t, --template string               output template
+      --token string                  for authentication in client/server mode
+      --token-header string           specify a header name for token in client/server mode (default "Trivy-Token")
+      --vex string                    [EXPERIMENTAL] file path to VEX
+      --vuln-type strings             comma-separated list of vulnerability types (os,library) (default [os,library])
 ```
 
 ### Options inherited from parent commands