The changes from https://github.com/dotnet/docker-tools/pull/1787 add a reference to a pinned image tag of the syft tool: https://github.com/dotnet/docker-tools/blob/810e5c9104d77987bca01db48cb5e908ce27aa5e/eng/common/templates/variables/docker-images.yml#L7 There should be automation which keeps this updated to reference the latest version. One way to do this is by using [Renovate](https://github.com/dotnet/arcade/pull/15594).
