diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 3cf80f5..b77a94f 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -8,10 +8,10 @@ on:
 - 8.0-22.04
 jobs:
- build:
- uses: ./.github/workflows/build.yaml
+ sbom:
+ uses: ./.github/workflows/sbom.yaml
 publish:
- needs: build
+ needs: sbom
 runs-on: ubuntu-latest
 timeout-minutes: 5
 steps:
diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml
new file mode 100644
index 0000000..01691df
--- /dev/null
+++ b/.github/workflows/sbom.yaml
@@ -0,0 +1,32 @@
+name: Generate SBOM
+on:
+ workflow_call:
+
+jobs:
+ build:
+ uses: ./.github/workflows/build.yaml
+ sbom:
+ needs: build
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - name: Install Syft
+ run: |
+ curl -sSfL https://raw.githubusercontent.com/anchore/syft/4fc17edd146af34ab06f5b0443ef8ddac3aaf076/install.sh | sh -s -- -b /usr/local/bin
+ - name: Set tag
+ run: |
+ version=$(yq '(.version|split("-"))[0]' rockcraft.yaml)
+ base=$(yq '(.base|split(":"))[1]' rockcraft.yaml)
+ echo "tag=${version}-${base}_edge" >> "$GITHUB_ENV"
+ - uses: actions/download-artifact@v3
+ with:
+ name: charmed-mysql-rock
+ - name: Create SBOM
+ run: syft charmed-mysql_${{env.tag}}_amd64.rock -o spdx-json=charmed-mysql_${{env.tag}}_amd64.rock.spdx.json
+ - name: Upload SBOM
+ uses: actions/upload-artifact@v3
+ with:
+ path: "charmed-mysql_${{env.tag}}_amd64.rock.spdx.json"
+ name: charmed-mysql_${{env.tag}}_amd64.rock.spdx.json
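Review bot: The `publish` job's dependency on the rock build is now implicit, because `needs: sbom` only works while sbom.yaml itself calls build.yaml, which a reader of publish.yaml cannot see. A comment above the `sbom:` job would make that explicit, e.g. `# sbom.yaml runs build.yaml first, then generates the SPDX SBOM for the rock`. It also means a failure in SBOM generation, including the network install of Syft in sbom.yaml, now blocks publishing; if that gating is intended as a release control, say so in the same comment. The `publish` job's steps continue outside the hunk.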
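Review bot: The Install Syft step pins install.sh to a commit but not the Syft binary it downloads; as far as I know the script fetches the latest release when no tag argument is given, so the tool that produces the SBOM can change between runs without any change in this repository. Passing an explicit release tag closes that gap, e.g. `curl -sSfL <same pinned URL> | sh -s -- -b /usr/local/bin <SYFT_VERSION_TAG>` (placeholder; use the release you have vetted). In the same spirit, `actions/checkout@v3`, `actions/download-artifact@v3` and `actions/upload-artifact@v3` are mutable tags and could be pinned to commit SHAs. In the Create SBOM step, `${{env.tag}}` is expanded into the script text before the shell runs; since `tag` is already exported through `$GITHUB_ENV`, `run: syft "charmed-mysql_${tag}_amd64.rock" -o "spdx-json=charmed-mysql_${tag}_amd64.rock.spdx.json"` avoids interpolating a value derived from rockcraft.yaml into shell source.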