diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f967dd5..3eb4e6d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -114,6 +114,8 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         if: ${{ startsWith(github.ref, 'refs/tags/') }}
+      - name: Download Syft
+        uses: anchore/sbom-action/download-syft@v0.11.0
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v3
         with:
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 9dc4ee1..5877711 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -2,6 +2,7 @@ before:
   hooks:
     - go mod tidy
     - go mod verify
+
 builds:
   - env:
       - CGO_ENABLED=0
@@ -32,14 +33,21 @@ builds:
       - all=-trimpath={{.Env.GOPATH}}
     asmflags:
       - all=-trimpath={{.Env.GOPATH}}
+
+sboms:
+  - artifacts: archive
+
 archives:
 - format_overrides:
     - goos: windows
       format: zip
+
 checksum:
   name_template: 'sha256sums.txt'
+
 changelog:
   skip: true
+
 brews:
   - tap:
       owner: nginxinc