diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a5f25d2..546d1a1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -273,6 +273,48 @@ run-vulnerability-scan:
     # - docker tag $CONTAINER_TEST_IMAGE psono/security-scans:psono-server-ce-$CI_COMMIT_REF_NAME
     # - docker push psono/security-scans:psono-server-ce-$CI_COMMIT_REF_NAME
 
+
+
+build-sbom:
+  except:
+    - schedules
+  stage: test
+  image: psono-docker.jfrog.io/ubuntu:22.04
+  services:
+    - name: docker:25-dind
+      alias: docker
+      command: ["--tls=false"]
+  variables:
+    DOCKER_DRIVER: overlay2
+    DOCKER_HOST: tcp://docker:2375/
+    DOCKER_TLS_CERTDIR: ""
+  script:
+    - apt-get update || true
+    - apt install -y curl ca-certificates iptables libdevmapper1.02.1 python3 python3-pip
+    - pip3 install requests
+    - curl -fSL "https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/amd64/containerd.io_1.6.28-1_amd64.deb" -o containerd.deb && echo "3fcc3e44e6d507c346ae05bbaef8f4bb04dfa8da9f04af658537f7e373c91340 containerd.deb" | sha256sum -c -
+    - curl -fSL "https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/amd64/docker-buildx-plugin_0.12.1-1~ubuntu.22.04~jammy_amd64.deb" -o docker-buildx-plugin.deb && echo "3fb7cd11fd9bf7c31d81c1afa96c023519d9e6e17422192aa4d0aa2767ed0776 docker-buildx-plugin.deb" | sha256sum -c -
+    - curl -fSL "https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/amd64/docker-ce-cli_25.0.3-1~ubuntu.22.04~jammy_amd64.deb" -o docker-ce-cli.deb && echo "624abe860a3d9dd190c278263b3ae115d54ce1135774a79f84026a6ec6ebafd1 docker-ce-cli.deb" | sha256sum -c -
+    - curl -fSL "https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/amd64/docker-ce_25.0.3-1~ubuntu.22.04~jammy_amd64.deb" -o docker-ce.deb && echo "63c7703814558a829ab3cc37c8018c050c9dad56f99c261090500f6c87821fd1 docker-ce.deb" | sha256sum -c -
+    - dpkg -i ./containerd.deb ./docker-ce.deb ./docker-ce-cli.deb ./docker-buildx-plugin.deb
+    - docker info
+    - echo $CI_JOB_TOKEN | docker login --username=gitlab-ci-token --password-stdin registry.gitlab.com
+    - docker pull $CONTAINER_TEST_IMAGE
+    - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+    - syft scan psono/psono-combo-enterprise:latest -o cyclonedx-json > sbom.json
+    - mv /builds/psono/psono-server/sbom.json ../
+    - rm -Rf *
+    - rm -Rf .* 2> /dev/null || true
+    - mv ../sbom.json ./
+  artifacts:
+    name: "sbom_$CI_COMMIT_REF_NAME"
+    paths:
+      - ./*
+  only:
+    - branches@psono/psono-server
+    - /^v[0-9]*\.[0-9]*\.[0-9]*$/
+
+
 release-container:
   except:
     - schedules
@@ -357,5 +399,37 @@ deploy-changelog:
   environment:
     name: static.psono.com
     url: https://static.psono.com/gitlab.com/psono/psono-server/changelog.json
+  only:
+    - /^v[0-9]*\.[0-9]*\.[0-9]*$/
+
+
+deploy-nightlyartifacts:
+  except:
+    - schedules
+  stage: release
+  image: psono-docker.jfrog.io/ubuntu:22.04
+  dependencies:
+    - build-sbom
+  script:
+    - sh ./var/deploy_nightlyartifacts.sh
+  environment:
+    name: static.psono.com
+    url: https://get.psono.com/psono/psono-server/nightly/sbom.json
+  only:
+    - develop@psono/psono-server
+
+
+deploy-releaseartifacts:
+  except:
+    - schedules
+  stage: deploy
+  image: psono-docker.jfrog.io/ubuntu:22.04
+  dependencies:
+    - build-sbom
+  script:
+    - sh ./var/deploy_releaseartifacts.sh
+  environment:
+    name: static.psono.com
+    url: https://get.psono.com/psono/psono-server/latest/sbom.json
   only:
     - /^v[0-9]*\.[0-9]*\.[0-9]*$/
\ No newline at end of file
diff --git a/var/deploy_nightlyartifacts.sh b/var/deploy_nightlyartifacts.sh
new file mode 100644
index 0000000..6064c24
--- /dev/null
+++ b/var/deploy_nightlyartifacts.sh
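Review bot: The image pulled on the `docker pull $CONTAINER_TEST_IMAGE` line is never scanned; the `syft scan` line targets `psono/psono-combo-enterprise:latest`, a floating tag of a different image, so the published SBOM does not describe the artifact this pipeline built and can change between runs with no change to the repository. Presumably the intended target is the image just pulled: `syft scan $CONTAINER_TEST_IMAGE -o cyclonedx-json > sbom.json`. In the same hunk the four Docker packages are version-pinned and checksum-verified, but the syft installer is fetched from the unpinned `main` branch and piped to `sh` inside a job that holds `$CI_JOB_TOKEN`; the installer accepts a release tag as its last argument, so `sh -s -- -b /usr/local/bin v<PINNED_SYFT_VERSION>` (placeholder version) keeps the job reproducible and consistent with the pinning already applied to the debs.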
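Review bot: `deploy-nightlyartifacts` is placed in `stage: release` while the otherwise parallel `deploy-releaseartifacts` is in `stage: deploy`; the `stages:` list is outside this hunk, so I cannot tell whether the difference is deliberate, but both jobs only take the `build-sbom` artifact and upload it, so a reader would expect them in the same stage. If the split is intentional, a comment on each `stage:` line stating the reason (for example that the nightly upload must wait for the container push of the release stage, if that is the constraint) would keep the next maintainer from "fixing" it. The `only:` block added to `deploy-changelog` now restricts that job to version tags; that is unrelated to the SBOM jobs and would be clearer as its own commit or at least mentioned in the commit message.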
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+apt-get update && \
+apt-get install -y lsb-release curl gnupg && \
+echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] http://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \
+curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - && \
+apt-get update -y && apt-get install google-cloud-cli -y && \
+echo "$GOOGLE_APPLICATION_CREDENTIALS" > "/root/key.json" && \
+gcloud auth activate-service-account --key-file=/root/key.json && \
+gsutil cp sbom.json gs://get.psono.com/$CI_PROJECT_PATH/nightly/sbom.json
diff --git a/var/deploy_releaseartifacts.sh b/var/deploy_releaseartifacts.sh
new file mode 100644
index 0000000..c5c6352
--- /dev/null
+++ b/var/deploy_releaseartifacts.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+apt-get update && \
+apt-get install -y lsb-release curl gnupg && \
+echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] http://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \
+curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - && \
+apt-get update -y && apt-get install google-cloud-cli -y && \
+echo "$GOOGLE_APPLICATION_CREDENTIALS" > "/root/key.json" && \
+gcloud auth activate-service-account --key-file=/root/key.json && \
+gsutil cp sbom.json gs://get.psono.com/$CI_PROJECT_PATH/latest/sbom.json && \
+gsutil cp sbom.json gs://get.psono.com/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME/sbom.json
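Review bot: The service-account key is written to `/root/key.json` on the `echo "$GOOGLE_APPLICATION_CREDENTIALS"` line and never removed, so it stays on the runner's filesystem for the remainder of the job although only the next line needs it; delete it as soon as it has been consumed: `gcloud auth activate-service-account --key-file=/root/key.json && rm -f /root/key.json && \`. The `curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key ...` line runs curl without `-fsSL`, so an HTTP error response would be piped into apt-key rather than failing the `&&` chain at the download step; `curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - && \` makes the failure explicit. The `apt-key` command is deprecated on the Ubuntu 22.04 image this job uses and already emits a warning; since the repository line uses `signed-by`, writing the key straight into that keyring with `gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg` is the supported equivalent. The same three points apply verbatim to `var/deploy_releaseartifacts.sh` in the next hunk, which is identical up to the final `gsutil cp` lines.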
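Review bot: `var/deploy_releaseartifacts.sh` repeats every line of `var/deploy_nightlyartifacts.sh` except the final `gsutil cp` targets, so any change to the gcloud install or authentication steps has to be made twice and the two copies will drift; factoring the shared setup into one helper that both scripts source, or a single script that takes the destination prefix as an argument, leaves one copy to maintain. A short header comment naming what the script expects from the environment (`# Expects GOOGLE_APPLICATION_CREDENTIALS (service-account JSON) and CI_PROJECT_PATH, CI_COMMIT_REF_NAME from GitLab; run from the directory containing sbom.json`) would also document the contract the CI job relies on. Quoting the two `gs://get.psono.com/$CI_PROJECT_PATH/...` destinations is harmless for the values GitLab sets today but is the safer habit in a script that has no `set -euo pipefail`.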