diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cff872f..535a1fa 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -16,6 +16,45 @@ env:
 API_KEY: ${{ secrets.API_KEY }}
 jobs:
+ run-cyclonedx:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Log in to the github container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Generate CycloneDX SBOM
+ run: |
+ docker pull ghcr.io/cyclonedx/cdxgen-python:v11
+ docker run --rm -e FETCH_LICENSE=true -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python310:v11 -r /app -o /app/sbom.json -t python --profile license-compliance
+ - name: Upload BOM to Dependency-Track
+ run: |
+ curl -v -X POST https://${{ secrets.DEPENDENCYTRACK_HOSTNAME }}/api/v1/bom \
+ -H 'Content-Type: multipart/form-data' \
+ -H 'X-Api-Key: ${{ secrets.DEPENDENCYTRACK_APIKEY }}' \
+ -F 'autoCreate=true' \
+ -F 'projectName=python' \
+ -F 'projectVersion= ${{ github.sha }}' \
+ -F 'parentName=sift-python' \
+ -F 'isLatest=true' \
+ -F "bom=@sbom.json"
+ #- name: Upload BOM to Dependency-Track
+ # uses: DependencyTrack/gh-upload-sbom@v3
+ # with:
+ # serverHostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
+ # apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+ # projectName: 'python'
+ # projectVersion: ${{ github.sha }}
+ # bomFilename: "sbom.json"
+ # autoCreate: true
+ # parentName: 'sift-python'
+ # env:
+ # ACTIONS_STEP_DEBUG: true
+
 build-and-test-python3:
 runs-on: ubuntu-latest
 steps:
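Review bot: The Dependency-Track API key is interpolated straight into the `run:` script (`-H 'X-Api-Key: ${{ secrets.DEPENDENCYTRACK_APIKEY }}'`) and the request is then sent with `curl -v`, which prints the request headers, so the step relies entirely on log masking and breaks if the secret ever contains a quote; pass the hostname and key through the step's `env:` block and reference them as shell variables, and replace `-v` with `--fail` so a 4xx/5xx from the server fails the job instead of being silently ignored. `-F 'projectVersion= ${{ github.sha }}'` has a space after `=`, so the version registered in Dependency-Track is ` <sha>` rather than the sha. In the SBOM step, `docker pull` fetches `cdxgen-python:v11` while `docker run` uses `cdxgen-python310:v11`, so the pull is wasted and the image that actually runs is fetched on demand by a floating tag; pull the image you run and pin it by digest (`ghcr.io/cyclonedx/cdxgen-python310@sha256:<digest>`) so the generator, which runs with the checkout mounted read-write, cannot change underneath the workflow. The commented-out `gh-upload-sbom` step duplicates the curl step and should be dropped rather than committed as dead configuration.
```yaml
      - name: Upload BOM to Dependency-Track
        env:
          DT_HOSTNAME: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
          DT_API_KEY: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
        run: |
          curl --fail --silent --show-error -X POST "https://${DT_HOSTNAME}/api/v1/bom" \
            -H 'Content-Type: multipart/form-data' \
            -H "X-Api-Key: ${DT_API_KEY}" \
            -F 'autoCreate=true' \
            -F 'projectName=python' \
            -F 'projectVersion=${{ github.sha }}' \
            # … unchanged: parentName, isLatest and bom form fields …
```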