diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9b78015793306091eb17f93e686ff70a8237fb03..d66cc9a4bf48b18887cf5acc9a771aa3fcfb3faf 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,6 +1,7 @@
 include:
   - template: Security/Container-Scanning.gitlab-ci.yml
   - template: Security/Secret-Detection.gitlab-ci.yml
+  - remote: https://gitlab.gwdg.de/dariah-de/gitlab-templates/-/raw/main/templates/.deps.gitlab-ci.yml # for upload-container-sbom
   - remote: https://gitlab.gwdg.de/dariah-de/gitlab-templates/-/raw/main/templates/SBOM-Upload.gitlab-ci.yml
 
 variables:
@@ -39,7 +40,7 @@ build:
     - main
     - postgres-image
 
-generate-sbom:
+depdendency-scanning:
   stage: test
   image: python:3.9-slim-bullseye
   needs: []
@@ -50,6 +51,31 @@ generate-sbom:
     paths:
       - 'bom.json'
 
+container-scanning:
+  stage: test
+  image:
+    name: anchore/syft:debug
+    entrypoint: [""]
+  script:
+    - /syft $CONTAINER_IMAGE -o cyclonedx-json=sbom.container.json
+  artifacts:
+    paths:
+      - 'sbom.container.json'
+
+# TODO add to templates, adapt for release BEFORE next release
+upload-container-sbom:
+  stage: deploy
+  only:
+    - develop
+  variables:
+    X_API_KEY: $DEPS_UPLOAD_TOKEN
+    AUTO_CREATE_PROJECT: 'true'
+    PROJECT_NAME: $CI_PROJECT_NAME-container
+    PROJECT_VERSION: develop
+    BOM_LOCATION: 'sbom.container.json'
+  extends:
+    - .upload-bom-to-deps
+
 tag-dev-image:
   image:
     name: gcr.io/go-containerregistry/crane:debug
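Review bot: The added `remote:` include fetches `.deps.gitlab-ci.yml` from the mutable `main` ref of another project, so the job definition this pipeline executes (`.upload-bom-to-deps`, which receives `$DEPS_UPLOAD_TOKEN`) can change without any commit or review in this repository; pin it to an immutable ref, e.g. `- remote: https://gitlab.gwdg.de/dariah-de/gitlab-templates/-/raw/<commit-sha>/templates/.deps.gitlab-ci.yml`. The existing SBOM-Upload include on the context line below it has the same shape, so whatever pinning policy is chosen should cover both. The trailing comment `# for upload-container-sbom` names a job that the TODO in the last hunk says will move into the templates, so it will go stale; naming what the include provides is more durable: `# provides .upload-bom-to-deps`.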
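Review bot: The renamed job on the `+` line is misspelled, `depdendency-scanning`; job names are referenced by `needs:`/`dependencies:` and shown in the pipeline UI, so it should be `dependency-scanning:` before anything starts depending on it. The job body continues outside this hunk and still publishes `bom.json` (visible as context in the next hunk), so any reference to the old name `generate-sbom` — for instance a `needs:` entry in the included SBOM-Upload template, which is not visible here — needs checking. GitLab's own Dependency-Scanning template, if it is ever included, defines a job named `dependency_scanning`, so the hyphenated spelling avoids a collision but is easy to confuse with it.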
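Review bot: `upload-container-sbom` consumes `sbom.container.json` but declares no `needs:` on `container-scanning`, relying on GitLab's default of passing every earlier-stage artifact; make the dependency explicit with `needs: [container-scanning]` so the upload fails fast if the scan is skipped or the stages are reordered. The scanner is pulled by a mutable tag, `anchore/syft:debug`; for a job that produces a supply-chain artifact which is then published, pin the image by digest, `name: anchore/syft:debug@sha256:<digest>`. `$CONTAINER_IMAGE` is not defined in this hunk and the job has no `rules:`, while the context in the previous hunk suggests `build` is restricted to `main` and `postgres-image`; if that is the case, `container-scanning` would also run on branches where no fresh image was built and scan whatever tag currently exists — confirm against the `variables:` block and `build`'s rules. `only:` is the legacy keyword; `rules: - if: $CI_COMMIT_BRANCH == "develop"` is the current form, and the name `container-scanning` is one character away from the `container_scanning` job that the included GitLab Container-Scanning template defines, which invites confusion in `needs:` lists.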