diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a022b3b..99c49c2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -30,6 +30,9 @@ jobs:
 - run: pnpm run build
 - run: pnpm test
+ - name: Generate SBOM
+ run: pnpm sbom --sbom-format cyclonedx --prod > sbom.cdx.json
+
 - name: Generate changelog
 id: changelog
 run: |
@@ -42,7 +45,7 @@ jobs:
 - name: Create GitHub release
 env:
 GH_TOKEN: ${{ github.token }}
- run: gh release create "${{ github.ref_name }}" --notes "${{ steps.changelog.outputs.notes }}"
+ run: gh release create "${{ github.ref_name }}" --notes "${{ steps.changelog.outputs.notes }}" sbom.cdx.json
 - name: Publish to npm
 run: pnpm publish --no-git-checks --provenance --access public
diff --git a/.gitignore b/.gitignore
index 62ccde4..1000111 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,6 @@ node_modules/
 dist/
 *.tsbuildinfo
 .DS_Store
+
+# SBOM generated during release
+sbom.cdx.json
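Review bot: The `Generate SBOM` step captures stdout with `>` and nothing checks the result before a later step uploads it, so an empty file, or one with non-JSON output mixed in, would be published as the release's SBOM. A cheap guard is a second command in the same step, e.g. `node -e "JSON.parse(require('fs').readFileSync('sbom.cdx.json','utf8'))"`, which fails the job when the file is not parseable JSON. Separately, `--prod` limits the document to production dependencies; if the build bundles packages declared under devDependencies into the published output (not visible from this hunk), they will be missing from the SBOM. A comment such as `# SBOM scope: production dependencies only (--prod)` above the `run:` line would make that limit explicit to whoever consumes the asset.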
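Review bot: The rewritten `run:` line in the `Create GitHub release` step still expands `${{ github.ref_name }}` and `${{ steps.changelog.outputs.notes }}` directly into the script text, so their contents are parsed by the shell instead of being passed as data. This job holds `GH_TOKEN` and goes on to publish to npm with provenance, so shell metacharacters in a tag name or changelog entry would be interpreted as part of the release script. The changelog step's body lies outside this hunk, so the source of the notes is not visible, but they are presumably derived from commit history. Since the line is being touched anyway, add `REF_NAME: ${{ github.ref_name }}` and `NOTES: ${{ steps.changelog.outputs.notes }}` to the step's `env:` block and change the command to `run: gh release create "$REF_NAME" --notes "$NOTES" sbom.cdx.json`.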