diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 2d93d280690..9cb10e57905 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -126,6 +126,14 @@ jobs:
         env:
           COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
 
+      - uses: anchore/sbom-action@v0
+        with:
+          image: dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
+
+      - uses: anchore/sbom-action@v0
+        with:
+          image: ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
+
       - name: Move cache
         run: |
           rm -rf /tmp/.buildx-cache
diff --git a/.goreleaser.yml b/.goreleaser.yml
index e38fdaa4986..9e0d9ec005f 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -8,6 +8,9 @@ before:
     - make build-manager-console
     - go mod download
 
+sboms:
+  - artifacts: binary
+
 builds:
   - main: ./cmd/dfget
     id: dfget