diff --git a/.github/workflows/generate-augmented-sbom.yml b/.github/workflows/generate-augmented-sbom.yml
new file mode 100644
index 0000000..865e9a9
--- /dev/null
+++ b/.github/workflows/generate-augmented-sbom.yml
@@ -0,0 +1,48 @@
+name: Augment SBOM
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_version:
+        description: "Release version (e.g. 3.12.1)"
+        required: true
+        type: string
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  augment-sbom:
+    runs-on: ubuntu-latest
+    env:
+      KONDUKTO_TOKEN: ${{ secrets.KONDUKTO_TOKEN }}
+      KONDUKTO_REPO: ${{ vars.KONDUKTO_REPO }}
+      KONDUKTO_BRANCH_PREFIX: ${{ vars.KONDUKTO_BRANCH_PREFIX }}
+      SILKBOMB_IMG: ${{ vars.SILKBOMB_IMG }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+
+      - name: Get current date
+        id: date
+        run: echo "date=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"
+
+      - name: Augment SBOM with Kondukto
+        env:
+          RELEASE_VERSION: ${{ inputs.release_version }}
+        run: ./scripts/compliance/augment-sbom.sh 
+      - name: Generate SSDLC report
+        env:
+            AUTHOR: ${{ github.actor }}
+            VERSION: ${{ inputs.release_version }}
+            AUGMENTED_REPORT: "true"
+        run: ./scripts/compliance/gen-ssdlc-report.sh
+
+      - name: Upload augmented SBOM as artifact
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        with:
+          name: augmented_sbom_and_ssdlc_report
+          path: |
+            compliance/augmented-sbom-v${{ inputs.release_version }}-${{ steps.date.outputs.date }}.json
+            compliance/ssdlc-compliance-${{ inputs.release_version }}-${{ steps.date.outputs.date }}.md
+          if-no-files-found: error
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 39473c0..43b5479 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -67,3 +67,48 @@ jobs:
           ARTIFACTORY_REGISTRY: ${{ secrets.ARTIFACTORY_REGISTRY }}
           ARTIFACTORY_SIGN_USER: ${{ secrets.ARTIFACTORY_SIGN_USER }}
           ARTIFACTORY_SIGN_PASSWORD: ${{ secrets.ARTIFACTORY_SIGN_PASSWORD }}
+  compliance:
+    needs: release
+    runs-on: ubuntu-latest
+    env:
+      SILKBOMB_IMG: ${{ vars.SILKBOMB_IMG }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+            ref: ${{ inputs.version_number }}
+      - name: Generate PURLs and SBOM
+        run: make gen-purls gen-sbom
+      - name: Upload SBOM to Kondukto
+        run: make upload-sbom
+        env:
+          KONDUKTO_TOKEN: ${{ secrets.KONDUKTO_TOKEN }}
+          KONDUKTO_REPO: ${{ vars.KONDUKTO_REPO }}
+          KONDUKTO_BRANCH_PREFIX: ${{ vars.KONDUKTO_BRANCH_PREFIX }}
+      - name: Upload SBOM as release artifact
+        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631
+        with:
+          files: compliance/sbom.json
+          tag_name: ${{ inputs.version_number }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  generate-ssdlc-report:
+    needs: compliance
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      - uses: ./.github/templates/run-script-and-commit
+        with:
+          script_call: |
+            TAG="${{ inputs.version_number }}"
+            VERSION="${TAG#v}"
+            AUTHOR="${{ github.actor }}"
+            export AUTHOR VERSION
+            ./scripts/compliance/gen-ssdlc-report.sh
+          file_to_commit: 'compliance/v*/ssdlc-compliance-*.md'
+          commit_message: "chore: Update SSDLC report for ${{ inputs.version_number }}"
+          apix_bot_pat: ${{ secrets.APIX_BOT_PAT }}
+          remote: https://svc-apix-bot:${{ secrets.APIX_BOT_PAT }}@github.com/${{ github.repository }}
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 109a7bd..0f69021 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,6 +1,6 @@
 # Contributing to the Atlas CLI plugin for Terraform's MongoDB Atlas Provider
 
-WIP
+Thank you for your interest in contributing! This project welcomes contributions from the community. Please follow the guidelines below to get started, build, and contribute effectively. For compliance and release processes, see the sections below.
 
 ## Building
 
@@ -9,3 +9,23 @@ You can build the binary plugin by running `make build`. You'll need to have Go
 ## Using the plugin from the CLI
 
 You can also use the plugin with your changes from the CLI by running: `make local` and following the instructions displayed.
+
+## Third Party Dependencies and Vulnerability Scanning
+
+We scan our dependencies for vulnerabilities and incompatible licenses using [Snyk](https://snyk.io/).
+To run Snyk locally please follow their [CLI reference](https://support.snyk.io/hc/en-us/articles/360003812458-Getting-started-with-the-CLI).
+
+We also use Kondukto to scan for third-party dependency vulnerabilities. Kondukto creates tickets in MongoDB's issue tracking system for any vulnerabilities found.
+
+### SBOM and Compliance
+We generate Software Bill of Materials (SBOM) files for each release as part of MongoDB's SSDLC initiative. SBOM Lite files are automatically generated and included as release artifacts. Compliance reports are generated after each release and stored in the compliance/<release-version> directory.
+
+Augmented SBOMs can be generated on customer request for any released version. This can only be done by MongoDB employees as it requires access to our GitHub workflow.
+
+### Papertrail Integration
+All releases are recorded using a MongoDB-internal application called Papertrail. This records various pieces of information about releases, including the date and time of the release, who triggered the release (by pushing to Evergreen), and a checksum of each release file.
+
+This is done automatically as part of the release.
+
+### Release Artifact Signing
+All releases are signed automatically as part of the release process.
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 6fbead2..e211920 100644
--- a/Makefile
+++ b/Makefile
@@ -64,4 +64,20 @@ generate-manifest-windows: ## Generate the manifest file for windows OSes
 .DEFAULT_GOAL := help
 help:
 	@grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' | sort
+
+.PHONY: gen-purls
+gen-purls:
+	./scripts/compliance/gen-purls.sh
+
+.PHONY: gen-sbom
+gen-sbom:
+	./scripts/compliance/gen-sbom.sh
+
+.PHONY: gen-ssdlc-report
+gen-ssdlc-report:
+	./scripts/compliance/gen-ssdlc-report.sh
+
+.PHONY: upload-sbom
+upload-sbom:
+	./scripts/compliance/upload-sbom.sh
 	
diff --git a/scripts/compliance/augment-sbom.sh b/scripts/compliance/augment-sbom.sh
new file mode 100755
index 0000000..73b32af
--- /dev/null
+++ b/scripts/compliance/augment-sbom.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+: "${RELEASE_VERSION:?RELEASE_VERSION environment variable not set}"
+DATE=$(date +'%Y-%m-%d')
+
+echo "Augmenting SBOM..."
+docker run \
+	--pull=always \
+	--platform="linux/amd64" \
+	--rm \
+	-v "${PWD}:/pwd" \
+	-e KONDUKTO_TOKEN \
+	"$SILKBOMB_IMG" \
+	augment \
+	--sbom-in "/pwd/compliance/sbom.json" \
+	--repo "$KONDUKTO_REPO" \
+	--branch "$KONDUKTO_BRANCH_PREFIX-linux-arm64" \
+	--sbom-out "/pwd/compliance/augmented-sbom-v${RELEASE_VERSION}-${DATE}.json"
diff --git a/scripts/compliance/extract-purls.sh b/scripts/compliance/extract-purls.sh
new file mode 100755
index 0000000..2e2b752
--- /dev/null
+++ b/scripts/compliance/extract-purls.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [ "$#" -ne 2 ]; then
+  echo "Usage: $0 <binary_path> <output_file>"
+  exit 1
+fi
+
+BINARY_PATH="$1"
+OUTPUT_FILE="$2"
+
+go version -m "$BINARY_PATH" | \
+  awk '$1 == "dep" || $1 == "=>" { print "pkg:golang/" $2 "@" $3 }' | \
+  LC_ALL=C sort > "$OUTPUT_FILE"
diff --git a/scripts/compliance/gen-purls.sh b/scripts/compliance/gen-purls.sh
new file mode 100755
index 0000000..f3e8911
--- /dev/null
+++ b/scripts/compliance/gen-purls.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+set -euo pipefail
+: "${LINKER_FLAGS:=}"
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+EXTRACT_PURL_SCRIPT="${SCRIPT_DIR}/extract-purls.sh"
+
+if [ ! -x "$EXTRACT_PURL_SCRIPT" ]; then
+  echo "extract-purls.sh not found or not executable"
+  exit 1
+fi
+
+echo "==> Generating purls"
+
+# Define output and temp files
+OUT_DIR="compliance"
+LINUX_BIN="${OUT_DIR}/bin-linux"
+DARWIN_BIN="${OUT_DIR}/bin-darwin"
+WIN_BIN="${OUT_DIR}/bin-win.exe"
+PURL_LINUX="${OUT_DIR}/purls-linux.txt"
+PURL_DARWIN="${OUT_DIR}/purls-darwin.txt"
+PURL_WIN="${OUT_DIR}/purls-win.txt"
+PURL_ALL="${OUT_DIR}/purls.txt"
+
+# Build and extract for Linux
+GOOS=linux GOARCH=amd64 go build -ldflags "${LINKER_FLAGS}" -o "${LINUX_BIN}" ./cmd/plugin
+"$EXTRACT_PURL_SCRIPT" "${LINUX_BIN}" "${PURL_LINUX}"
+
+# Build and extract for Darwin
+GOOS=darwin GOARCH=amd64 go build -ldflags "${LINKER_FLAGS}" -o "${DARWIN_BIN}" ./cmd/plugin
+"$EXTRACT_PURL_SCRIPT" "${DARWIN_BIN}" "${PURL_DARWIN}"
+
+# Build and extract for Windows
+GOOS=windows GOARCH=amd64 go build -ldflags "${LINKER_FLAGS}" -o "${WIN_BIN}" ./cmd/plugin
+"$EXTRACT_PURL_SCRIPT" "${WIN_BIN}" "${PURL_WIN}"
+
+# Combine, sort, and deduplicate
+cat "${PURL_LINUX}" "${PURL_DARWIN}" "${PURL_WIN}" | LC_ALL=C sort | uniq > "${PURL_ALL}"
+
+# Clean up temp files
+rm -f "${LINUX_BIN}" "${DARWIN_BIN}" "${WIN_BIN}" "${PURL_LINUX}" "${PURL_DARWIN}" "${PURL_WIN}"
diff --git a/scripts/compliance/gen-sbom.sh b/scripts/compliance/gen-sbom.sh
new file mode 100755
index 0000000..d655773
--- /dev/null
+++ b/scripts/compliance/gen-sbom.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "Generating SBOM..."
+docker run --rm \
+  -v "$PWD:/pwd" \
+  "$SILKBOMB_IMG" \
+  update \
+  --purls /pwd/compliance/purls.txt \
+  --sbom-out /pwd/compliance/sbom.json
diff --git a/scripts/compliance/gen-ssdlc-report.sh b/scripts/compliance/gen-ssdlc-report.sh
new file mode 100755
index 0000000..80aefbd
--- /dev/null
+++ b/scripts/compliance/gen-ssdlc-report.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+release_date=${DATE:-$(date -u '+%Y-%m-%d')}
+
+export DATE="${release_date}"
+
+if [ -z "${AUTHOR:-}" ]; then
+  AUTHOR=$(git config user.name)
+fi
+
+if [ -z "${VERSION:-}" ]; then
+  VERSION=$(git tag --list 'v*' --sort=-taggerdate | head -1 | cut -d 'v' -f 2)
+fi
+
+if [ "${AUGMENTED_REPORT:-false}" = "true" ]; then
+  target_dir="."
+  file_name="ssdlc-compliance-${VERSION}-${DATE}.md"
+  SBOM_TEXT="  - See Augmented SBOM manifests (CycloneDX in JSON format):
+      - This file has been provided along with this report under the name 'linux_amd64_augmented_sbom_v${VERSION}.json'
+      - Please note that this file was generated on ${DATE} and may not reflect the latest security information of all third party dependencies."
+
+else # If not augmented, generate the standard report
+  target_dir="compliance/v${VERSION}"
+  file_name="ssdlc-compliance-${VERSION}.md"
+  SBOM_TEXT="  - See SBOM Lite manifests (CycloneDX in JSON format):
+      - https://github.com/mongodb/atlas-cli-plugin-terraform/releases/download/v${VERSION}/sbom.json"
+  # Ensure atlas-cli-plugin-terraform version directory exists
+  mkdir -p "${target_dir}"
+fi
+
+export AUTHOR
+export VERSION
+export SBOM_TEXT
+
+echo "Generating SSDLC report for Atlas CLI plugin for Terraform's MongoDB Atlas Provider version ${VERSION}, author ${AUTHOR} and release date ${DATE}..."
+
+envsubst < templates/ssdlc-compliance.template.md \
+  > "${target_dir}/${file_name}"
+
+echo "SSDLC compliance report ready. Files in ${target_dir}/:"
+ls -l "${target_dir}/"
+
+echo "Printing the generated report:"
+cat "${target_dir}/${file_name}"
diff --git a/scripts/compliance/upload-sbom.sh b/scripts/compliance/upload-sbom.sh
new file mode 100755
index 0000000..339b901
--- /dev/null
+++ b/scripts/compliance/upload-sbom.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "Uploading SBOMs..."
+docker run --rm \
+  -v "$PWD:/pwd" \
+  -e KONDUKTO_TOKEN \
+  "$SILKBOMB_IMG" \
+  upload \
+  --sbom-in /pwd/compliance/sbom.json \
+  --repo "$KONDUKTO_REPO" \
+  --branch "$KONDUKTO_BRANCH_PREFIX" 
diff --git a/templates/ssdlc-compliance.template.md b/templates/ssdlc-compliance.template.md
new file mode 100644
index 0000000..a8cb65e
--- /dev/null
+++ b/templates/ssdlc-compliance.template.md
@@ -0,0 +1,29 @@
+SSDLC Compliance Report: MongoDB Atlas CLI Plugin Terraform ${VERSION}
+=================================================================
+
+- Release Creator: ${AUTHOR}
+- Created On: ${DATE}
+
+Overview:
+
+- **Product and Release Name**
+	- MongoDB Atlas CLI Plugin Terraform ${VERSION}, ${DATE}.
+
+- **Process Document**
+	- https://www.mongodb.com/blog/post/how-mongodb-protects-against-supply-chain-vulnerabilities
+
+- **Tool used to track third party vulnerabilities**
+	- [Kondukto](https://arcticglow.kondukto.io/)
+
+- **Dependency Information**
+	${SBOM_TEXT}
+
+- **Security Testing Report**
+	- Available as needed from Cloud Security.
+
+- **Security Assessment Report**
+	- Available as needed from Cloud Security.
+
+Assumptions and attestations:
+
+- Internal processes are used to ensure CVEs are identified and mitigated within SLAs. 
\ No newline at end of file