diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 4e1ef42..df03060 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -22,6 +22,10 @@ jobs:
         run: |
           python -m pip install --upgrade pip
           pip install setuptools wheel twine
+      - name: Generate SBOM
+        run: |
+          pip install cyclonedx-bom
+          ./scripts/make-sbom.sh
       - name: Build and publish
         env:
           TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
diff --git a/MANIFEST.in b/MANIFEST.in
index 02317df..f3ada80 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,3 +1,4 @@
 include requirements.txt
+include spdx.json
 graft tests
diff --git a/scripts/make-sbom.sh b/scripts/make-sbom.sh
new file mode 100755
index 0000000..abb1505
--- /dev/null
+++ b/scripts/make-sbom.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+cyclonedx-py --e --format json -o cyclonedx-sbom.json
+wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64
+chmod u+x cyclonedx-linux-x64
+./cyclonedx-linux-x64 convert --input-format json --output-format spdxjson --input-file cyclonedx-sbom.json --output-file spdx.json
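Review bot: `pip install cyclonedx-bom` in the new "Generate SBOM" step is unpinned, so the release workflow pulls whatever version PyPI serves at run time and a future major release could change the `cyclonedx-py` command line the script relies on; pin it, e.g. `pip install "cyclonedx-bom==<PINNED_VERSION>"` (ideally with `--require-hashes` from a lock file, matching how a publish job should treat every tool it runs). The SBOM is produced from the runner's environment (`--e` in the script), and in the visible context the only packages installed before this step are pip, setuptools, wheel, twine and cyclonedx-bom itself — if the intent is to describe the package's runtime dependencies, they need to be installed first, or the script should point at `requirements.txt`; earlier steps that might do this are outside the hunk. Consider also adding a comment above the step, `# SBOM must be generated before "Build and publish" so spdx.json lands in the sdist (see MANIFEST.in)`, since that ordering dependency is otherwise implicit.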
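Review bot: `include spdx.json` refers to a generated file that only exists after `scripts/make-sbom.sh` has run, so any sdist built outside the publish workflow silently ships without the SBOM (setuptools only warns about a missing MANIFEST pattern). A one-line comment next to the include would make that explicit, e.g. `# generated by scripts/make-sbom.sh in CI; absent in local builds`, and the intermediate `cyclonedx-sbom.json` and downloaded `cyclonedx-linux-x64` binary should be listed in the project's ignore file so they are neither committed nor accidentally picked up by other MANIFEST patterns.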
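Review bot: The `wget` line fetches the cyclonedx-cli binary and the next two lines execute it with no integrity check, and the script has no `set -euo pipefail`, so a failed or partial download does not stop the publish job — the chmod/convert lines run against whatever is on disk (wget also writes `cyclonedx-linux-x64.1` rather than overwriting if a file of that name already exists). The version is pinned to v0.24.2, which is good; the missing piece is a recorded SHA-256 for that release artifact verified with `sha256sum -c` before execution, so the publish job fails closed if the download ever differs from what was reviewed. The rewrite below adds strict mode, an explicit output path and the digest check; the `cyclonedx-py` and `convert` lines are unchanged.
```shell
#!/usr/bin/env bash
set -euo pipefail

CLI_URL="https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64"
# Placeholder: record the SHA-256 of the v0.24.2 linux-x64 artifact here when pinning.
CLI_SHA256="<EXPECTED_SHA256_OF_CYCLONEDX_LINUX_X64_v0.24.2>"

# … unchanged: cyclonedx-py --e … call …
wget -q -O cyclonedx-linux-x64 "$CLI_URL"
echo "${CLI_SHA256}  cyclonedx-linux-x64" | sha256sum -c -
chmod u+x cyclonedx-linux-x64
# … unchanged: ./cyclonedx-linux-x64 convert … call …
```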