diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ae47970..73f95fd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -58,7 +58,7 @@ jobs:
 do
 dotnet publish src/cyclonedx/cyclonedx.csproj -r $runtime --configuration Release /p:Version=$VERSION --self-contained true /p:PublishSingleFile=true /p:IncludeNativeLibrariesInSingleFile=true /p:IncludeNativeLibrariesForSelfExtract=true --output bin/$runtime
 done
- docker build -f Dockerfile --build-arg VERSION=$VERSION -t $REPO:$VERSION -t $REPO:latest .
+ docker build --sbom=true --provenance mode=max,builder-id="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" --annotation "org.opencontainers.image.url=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" --annotation "org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" --annotation "org.opencontainers.image.version=$VERSION" --annotation "org.opencontainers.image.revision=$GITHUB_SHA" --annotation "org.opencontainers.image.created=$(date -Iseconds)" -f Dockerfile --build-arg VERSION=$VERSION -t $REPO:$VERSION -t $REPO:latest .
 - name: Publish Docker image to Docker Hub
 env:
@@ -204,4 +204,4 @@ jobs:
 upload_url: ${{ needs.release.outputs.release_upload_url }}
 asset_path: bin/osx-arm64/cyclonedx
 asset_name: cyclonedx-osx-arm64
- asset_content_type: application/octet-stream
\ No newline at end of file
+ asset_content_type: application/octet-stream
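Review bot: In the first hunk, the `--sbom=true`, `--provenance` and `--annotation` flags on the new `docker build` line only take effect if the build result goes to an exporter that can store attestations, but this command tags into the local image store and the push happens later in the separate "Publish Docker image to Docker Hub" step. With the default `docker` driver and the classic image store, BuildKit either rejects attestations or cannot carry them through a later `docker push`, so the published image may end up with no SBOM or provenance; the builder setup is outside this hunk, so confirm that the containerd image store or a `docker-container` builder is in use. Running `docker buildx imagetools inspect "$REPO:$VERSION" --format '{{ json .Provenance }}'` after the publish step would show whether the attestation actually reached the registry. The `builder-id` value is self-asserted and the attestation is unsigned by default, so a comment such as `# provenance is unsigned; sign the pushed digest before consumers rely on builder-id` would set the right expectation. Separately, `$VERSION` and `$REPO` are still expanded unquoted in `--build-arg VERSION=$VERSION -t $REPO:$VERSION`, and quoting them (`-t "$REPO:$VERSION"`) would match the quoting used for the new annotation arguments.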