diff --git a/.github/workflows/bom.yml b/.github/workflows/bom.yml
new file mode 100644
index 00000000..b62a362f
--- /dev/null
+++ b/.github/workflows/bom.yml
@@ -0,0 +1,43 @@
+name: Software bill of materials (BOM)
+
+on:
+ push:
+ branches: [main]
+
+ workflow_dispatch:
+
+jobs:
+ bom:
+ runs-on: ubuntu-latest
+
+ strategy:
+ matrix:
+ node-version: [18]
+
+ steps:
+ - name: Checkout 🛎️
+ uses: actions/checkout@v3
+
+ - name: Use Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v3
+ with:
+ node-version: ${{ matrix.version }}
+ cache: "npm"
+
+ - name: Install @cyclonedx/cyclonedx-npm
+ run: npm install @cyclonedx/cyclonedx-npm --no-save
+
+ - name: Generate BOM
+ run: npm exec -- cyclonedx-npm --output-format XML --output-file bom.xml
+
+ - name: Push BOM to Dependency Track
+ env:
+ PROJECT_NAME: bkd-evento-portal
+ run: |
+ curl --verbose -s --location --request POST ${{vars.DEPENDENCY_TRACK_URL}}/api/v1/bom \
+ --header "X-Api-Key: ${{secrets.DEPENDENCY_TRACK_API_KEY}}" \
+ --header "Content-Type: multipart/form-data" \
+ --form "autoCreate=true" \
+ --form "projectName=$PROJECT_NAME" \
+ --form "projectVersion=latest" \
+ --form "bom=@bom.xml"
diff --git a/README.md b/README.md
index a48f0118..a9b11858 100644
--- a/README.md
+++ b/README.md
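Review bot: The "Push BOM to Dependency Track" step expands `${{secrets.DEPENDENCY_TRACK_API_KEY}}` straight into the shell script and runs curl with `--verbose`, which prints request headers, so keeping the key out of the job log rests entirely on GitHub's log masking; `-s` without `--fail` also means an HTTP error from Dependency-Track leaves the step green and the uploaded BOM silently stale. Passing the key and URL through `env:`, quoting the URL, dropping `--verbose` and adding `--fail` covers both, as in the fence below. Separately, the setup-node step reads `${{ matrix.version }}` while the matrix only defines `node-version`, so that input is empty and the job probably runs on whatever Node the runner provides by default; it should be `node-version: ${{ matrix.node-version }}`. The workflow also declares no `permissions:` block (`permissions: contents: read` would do for a job that only checks out code), references the actions by the mutable `@v3` tag and installs `@cyclonedx/cyclonedx-npm` with no version, which is worth tightening in a job that holds a secret.

```yaml
      - name: Push BOM to Dependency Track
        env:
          PROJECT_NAME: bkd-evento-portal
          DEPENDENCY_TRACK_URL: ${{ vars.DEPENDENCY_TRACK_URL }}
          DEPENDENCY_TRACK_API_KEY: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
        run: |
          curl --silent --show-error --fail --location --request POST "$DEPENDENCY_TRACK_URL/api/v1/bom" \
            --header "X-Api-Key: $DEPENDENCY_TRACK_API_KEY" \
            # … unchanged: Content-Type header and --form arguments …
```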
@@ -3,6 +3,7 @@ [![Lint & Test ✨](https://github.com/bkd-mba-fbi/evento-portal/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/bkd-mba-fbi/evento-portal/actions/workflows/test.yml) [![Build & Deploy ZIP 📦](https://github.com/bkd-mba-fbi/evento-portal/actions/workflows/zip.yml/badge.svg?branch=main)](https://github.com/bkd-mba-fbi/evento-portal/actions/workflows/zip.yml) [![Build & Push Docker Image 🚀](https://github.com/bkd-mba-fbi/evento-portal/actions/workflows/docker.yml/badge.svg)](https://github.com/bkd-mba-fbi/evento-portal/actions/workflows/docker.yml) +[![Software bill of materials (BOM)](https://github.com/bkd-mba-fbi/evento-portal/actions/workflows/bom.yml/badge.svg?branch=main)](https://github.com/bkd-mba-fbi/evento-portal/actions/workflows/bom.yml) The _Evento Portal_ is used to integrate various applications for school administration in a single web portal with a common look and feel.