diff --git a/.github/workflows/on-release.yaml b/.github/workflows/on-release.yaml
index 1e70f673..98fc2166 100644
--- a/.github/workflows/on-release.yaml
+++ b/.github/workflows/on-release.yaml
@@ -24,18 +24,18 @@ jobs:
 
   release:
     runs-on: ubuntu-latest
-    needs: 
+    needs:
       - run-build
 
     permissions:
       contents: write # write release tag to the repo
       packages: write # push the container to ghcr
-  
+
     steps:
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          fetch-depth: 0  # Fetch all history for all tags and branches
+          fetch-depth: 0 # Fetch all history for all tags and branches
 
       - name: Check if tag already exists
         id: check_tag
@@ -47,7 +47,7 @@ jobs:
           else
             echo "Tag does not exit. Building release version ${{ github.event.inputs.nextVersion }}"
           fi
-      
+
       - name: Log in to the Container registry
         uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
@@ -61,7 +61,9 @@ jobs:
         with:
           context: .
           push: true
-          tags:  ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.event.inputs.nextVersion }}
+          sbom: true
+          provenance: mode=max
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest,${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.event.inputs.nextVersion }}
 
       - name: Create Release with autogenerated release notes
         env: