diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 017c1662b2c50b55cc270b9bb8ecfbcea85e0363..9b78015793306091eb17f93e686ff70a8237fb03 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,7 +1,7 @@
 include:
-  - template: Dependency-Scanning.gitlab-ci.yml
   - template: Security/Container-Scanning.gitlab-ci.yml
   - template: Security/Secret-Detection.gitlab-ci.yml
+  - remote: https://gitlab.gwdg.de/dariah-de/gitlab-templates/-/raw/main/templates/SBOM-Upload.gitlab-ci.yml
 
 variables:
   CONTAINER_IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
@@ -39,6 +39,17 @@ build:
     - main
     - postgres-image
 
+generate-sbom:
+  stage: test
+  image: python:3.9-slim-bullseye
+  needs: []
+  script:
+    - pip install cyclonedx-bom
+    - cyclonedx-bom -ri requirements/production.txt --format json -o bom.json
+  artifacts:
+    paths:
+      - 'bom.json'
+
 tag-dev-image:
   image:
     name: gcr.io/go-containerregistry/crane:debug
@@ -66,7 +77,6 @@ tag-release-image:
   only:
     - tags
 
-
 build_postgres-image:
   image:
     name: gcr.io/kaniko-project/executor:debug