diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 856c0e18f..a4a50f097 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -185,3 +185,7 @@ jobs:
         uses: anchore/sbom-action@v0
         with:
           image: ghcr.io/fkie-cad/logprep:py${{ matrix.python-version }}-${{ github.head_ref }}@${{ steps.build-and-push.outputs.digest }}
+
+      - uses: anchore/sbom-action/publish-sbom@v0
+        with:
+          sbom-artifact-match: ".*\\.spdx$"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 72ea1f9b2..903a26ea8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,7 +31,8 @@ the list is now fixed inside the packaged logprep
 * remove `tldextract` dependency
 * remove `urlextract` dependency
 * fix wrong documentation for `timestamp_differ`
-* add container signatures to image build inside ci pipeline
+* add container signatures to images build in ci pipeline
+* add sbom to images build in ci pipeline
 
 ### Bugfix