diff --git a/.github/edgebit/source-syft.yaml b/.github/edgebit/source-syft.yaml
new file mode 100644
index 0000000..b7ae52f
--- /dev/null
+++ b/.github/edgebit/source-syft.yaml
@@ -0,0 +1,27 @@
+output: syft
+
+check-for-app-update: false
+
+catalogers:
+ - binary
+ - cocoapods
+ - conan
+ - dartlang-lock
+ - dotnet-deps
+ - elixir-mix-lock
+ - erlang-rebar-lock
+ - go-mod-file
+ - go-module-binary
+ - graalvm-native-image
+ - haskell
+ - java
+ - java-gradle-lockfile
+ - java-pom
+ - javascript-lock
+ - php-composer-lock
+ - python-index
+ - python-package
+ - ruby-gemfile
+ - rust-cargo-lock
+ - sbom
+ - swift-package-manager
diff --git a/.github/workflows/sbom-upload.yaml b/.github/workflows/sbom-upload.yaml
new file mode 100644
index 0000000..b2b6141
--- /dev/null
+++ b/.github/workflows/sbom-upload.yaml
@@ -0,0 +1,34 @@
+name: Upload SBOM to EdgeBit
+on:
+ workflow_run:
+ workflows: ["Generate an SBOM from source code"]
+ types:
+ - completed
+jobs:
+ upload:
+ runs-on: ubuntu-latest
+ if: github.event.workflow_run.conclusion == 'success'
+
+ steps:
+ - name: Download metadata
+ id: metadata
+ uses: dawidd6/action-download-artifact@v2.28.0
+ with:
+ run_id: ${{ github.event.workflow_run.id }}
+ name: metadata.json
+
+ - name: Download SBOM
+ id: sbom
+ uses: dawidd6/action-download-artifact@v2.28.0
+ with:
+ run_id: ${{ github.event.workflow_run.id }}
+ name: sbom.spdx.json
+
+ - name: Upload SBOM to EdgeBit
+ uses: edgebitio/edgebit-build@v1
+ with:
+ edgebit-url: "https://edgebit.edgebit.io"
+ token: ${{ secrets.EDGEBIT_TOKEN }}
+ component: marker
+ sbom-file: ./sbom.spdx.json
+ args-file: ./metadata.json
diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml
new file mode 100644
index 0000000..aa598b7
--- /dev/null
+++ b/.github/workflows/sbom.yaml
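Review bot: `output: syft` at the top of source-syft.yaml asks Syft for its native JSON format, while the workflow that consumes this config names the artifact `sbom.spdx.json` and the upload workflow hands that file to EdgeBit as an SPDX document. As far as I can tell the sbom-action passes its own `format` input (default spdx-json) on the command line, which would override this key, but if it does not the artifact would be Syft JSON under an SPDX name and the upload would be rejected or mis-parsed. Either drop the key or make it agree with the artifact, `output: spdx-json`, and add a comment such as `# format is also fixed by the sbom-action 'format' input; keep the two in sync` so the coupling is visible to the next maintainer.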
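Review bot: The `if:` on the `upload` job in sbom-upload.yaml gates only on `conclusion == 'success'`, so `metadata.json` and the SBOM produced by a `pull_request` run of sbom.yaml — which a fork can fully control, since that workflow runs from the PR branch — are downloaded and passed to `edgebit-build` via `args-file` and `sbom-file` in a `workflow_run` job that runs in the base repository with `secrets.EDGEBIT_TOKEN`. Tighten the gate to `if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_repository.full_name == github.repository` (or additionally check `github.event.workflow_run.event`) and treat the downloaded files as untrusted input to the upload step. Separately, `dawidd6/action-download-artifact@v2.28.0` and `edgebitio/edgebit-build@v1` are referenced by mutable tags whereas sbom.yaml pins `anchore/sbom-action` by commit SHA; pinning these by SHA as well keeps the supply-chain posture consistent across the two workflows. The workflow also declares no top-level `permissions:` block, so the job inherits the repository default token scope; a least-privilege block (`contents: read`, plus whatever the artifact download presumably needs, likely `actions: read`) would limit what that token can do if the consumed artifact is malicious.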
@@ -0,0 +1,32 @@
+name: Generate an SBOM from source code
+on:
+ pull_request:
+ push:
+ branches:
+ - 'master'
+jobs:
+ generate-sbom:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Generate SBOM from source code
+ uses: anchore/sbom-action@a4126e6810341af80d172ee5ebf8ff419a2e8b21
+ with:
+ artifact-name: sbom.spdx.json
+ upload-artifact: true
+ config: .github/edgebit/source-syft.yaml
+
+ - name: Save metadata to an artifact
+ run: |
+ cat > /tmp/metadata.json <