diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 9488048..41dcfc6 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -48,6 +48,17 @@ jobs:
 release-count: 0 # preserve all versions in changelog
 skip-on-empty: false # otherwise we don't publish fixes
 
+ - name: Generate SBOM
+ uses: anchore/sbom-action@v0
+ id: sbom
+ if: ${{ steps.changelog.outputs.skipped == 'false' }}
+ with:
+ image: registry.dangerous.tech/dangeroustech/zerotierbridge:latest
+ registry-username: ${{ secrets.REGISTRY_USERNAME }}
+ registry-password: ${{ secrets.REGISTRY_PASSWORD }}
+ format: spdx-json
+ artifact-name: sbom.spdx.json
+
 - name: Create Release
 uses: softprops/action-gh-release@v1
 id: release
@@ -58,3 +69,5 @@ jobs:
 tag_name: ${{ steps.changelog.outputs.tag }}
 name: ${{ steps.changelog.outputs.tag }}
 body: ${{ steps.changelog.outputs.clean_changelog }}
+ files: |
+ sbom.spdx.json
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
deleted file mode 100644
index 019eb2e..0000000
--- a/.github/workflows/sbom.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: Generate SBOM
-
-on:
- release:
- types: [created, published]
-
-jobs:
- GenerateSBOM:
- runs-on: ubuntu-latest
- steps:
- - name: Generate SBOM
- uses: anchore/sbom-action@v0
- id: sbom
- with:
- image: registry.dangerous.tech/dangeroustech/zerotierbridge:latest
- registry-username: ${{ secrets.REGISTRY_USERNAME }}
- registry-password: ${{ secrets.REGISTRY_PASSWORD }}
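Review bot: The new SBOM step scans `zerotierbridge:latest`, a mutable tag, so the `sbom.spdx.json` attached to the release is not tied to the image built for `steps.changelog.outputs.tag`. If `:latest` is re-pushed by another run, or was not pushed by this one, the published SBOM describes a different image. The build and push steps are outside the hunk, so this is inferred. Referencing the pushed digest would remove the ambiguity, e.g. `image: registry.dangerous.tech/dangeroustech/zerotierbridge@${{ steps.<build-step-id>.outputs.digest }}` (`<build-step-id>` is a placeholder). Separately, `anchore/sbom-action@v0` is a moving tag on a step that receives `REGISTRY_PASSWORD`; pinning it as `uses: anchore/sbom-action@<full-commit-sha> # v0` keeps a retagged upstream release from running with those credentials.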
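Review bot: The added `files: |` entry makes the release step look for `sbom.spdx.json` in the workspace, but the SBOM step added above sets only `artifact-name`, which names the uploaded workflow artifact rather than a file on disk. Unless the action also writes the file there, the pattern matches nothing and the release is published without the SBOM, since unmatched files are only a warning by default. Adding `output-file: sbom.spdx.json` to the SBOM step and `fail_on_unmatched_files: true` to this `with:` block would make a missing SBOM fail the job. The `with:` block of the release step begins outside the hunk.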