diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index fb8d7257..893508d8 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -5,8 +5,7 @@ on:
 tags:
 - '*'
 branches:
- - main
- - master
+ - '*'

 env:
 REGISTRY: ghcr.io
@@ -42,5 +41,18 @@ jobs:
 context: .
 file: src/Dockerfile
 push: true
+ sbom: true
+ platforms: linux/amd64,linux/arm64
+ provenance: true
 tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
\ No newline at end of file
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Scan SBOM
+ uses: anchore/scan-action@v3
+ with:
+ image: ${{ steps.meta.outputs.tags }}
+ add-cpes-if-none: true
+ output-format: table
+ severity-cutoff: critical
+ # fail-build: true
+ fail-build: false
\ No newline at end of file
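Review bot: In the `on:` hunk, `branches: - '*'` lets every branch push reach the build step that runs with `push: true`, so anyone who can push a branch can publish an image to `ghcr.io` under this repository's name; the previous filter limited that to `main`/`master` and tags. If branch builds are wanted for testing, gate publication in the build step instead, e.g. `push: ${{ github.ref_type == 'tag' || github.ref_name == 'main' }}`. In GitHub's filter syntax `*` does not match `/`, so branches such as `feature/x` are still excluded; `'**'` is needed if all branches really is the intent. The job's `permissions` and the tag rules of the metadata step are outside the hunk, so which tags a branch build would publish could not be checked here.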
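Review bot: In the `jobs:` hunk, the new `Scan SBOM` step cannot stop a vulnerable image from shipping: `fail-build: false` makes `severity-cutoff: critical` advisory only, and the step runs after the build step has already pushed with `push: true`. Its `image: ${{ steps.meta.outputs.tags }}` input is fragile as well, because the metadata step's `tags` output holds one reference per line when several tags are generated, and a tag can move. If the build step is `docker/build-push-action` (its `uses:` line is outside the hunk), scanning its digest ties the result to the image just built: `image: <registry>/<image>@${{ steps.<build-step-id>.outputs.digest }}`. `anchore/scan-action@v3` is a mutable tag in a job that publishes to the registry, so pin it to a full commit SHA. If the scan is meant to stay non-blocking for now, replace the commented-out `# fail-build: true` with a comment that says why, e.g. `# non-blocking until existing criticals are triaged; then set fail-build: true`.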