diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
index b1840a4..ded3b1d 100644
--- a/.github/workflows/tag.yml
+++ b/.github/workflows/tag.yml
@@ -50,3 +50,17 @@ jobs:
           pull: true
           tags: ${{ steps.docker_meta_img_hub.outputs.tags }}
           labels: ${{ steps.docker_meta_img_hub.outputs.labels }}
+
+  create_release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: generate sbom via dependency-graph
+        run: gh api repos/${{ github.repository }}/dependency-graph/sbom > dependencies.sbom.json
+        env:
+          GH_TOKEN: ${{ github.token }}
+      - name: create release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: dependencies.sbom.json
\ No newline at end of file