diff --git a/build.gradle b/build.gradle
index ea482e8d..fdb6e715 100644
--- a/build.gradle
+++ b/build.gradle
@@ -26,6 +26,7 @@ buildscript {
     classpath "${libs.spotbugs.gradle.plugin.get()}"
     classpath "${libs.spotless.plugin.gradle.get()}"
     classpath "${libs.shadow.get()}"
+    classpath "${libs.cyclonedx.bom.get()}"
   }
 }
 
diff --git a/deploy.gradle b/deploy.gradle
index be2e1516..0831e3a8 100644
--- a/deploy.gradle
+++ b/deploy.gradle
@@ -22,6 +22,7 @@ if (project.hasProperty('release') && JavaVersion.current().getMajorVersion().to
 }
 
 subprojects {
+  apply plugin: 'org.cyclonedx.bom'
   apply plugin: 'maven-publish'
   apply plugin: 'signing'
   afterEvaluate {
@@ -68,6 +69,11 @@ subprojects {
           artifact sourceJar
           artifact javadocJar
           artifact testJar
+          artifact("$buildDir/reports/bom.xml") {
+            classifier 'cyclonedx'
+            extension 'xml'
+            builtBy tasks.named('cyclonedxBom')
+          }
 
           versionMapping {
             allVariants {
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index d1756b3c..8a6b06ec 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -36,6 +36,7 @@ spotbugs-plugin = "6.4.2"
 spotless-plugin = "6.25.0"
 
 # Packaging
+cyclonedx = "2.4.1"
 shadow-jar-plugin = "8.3.6"
 
 [libraries]
@@ -65,3 +66,4 @@ junit-platform-launcher = { group = "org.junit.platform", name = "junit-platform
 spotbugs-gradle-plugin = { group = "com.github.spotbugs.snom", name = "spotbugs-gradle-plugin", version.ref = "spotbugs-plugin" }
 spotless-plugin-gradle = { group = "com.diffplug.spotless", name = "spotless-plugin-gradle", version.ref = "spotless-plugin" }
 shadow = { group = "com.gradleup.shadow", name = "shadow-gradle-plugin", version.ref = "shadow-jar-plugin"}
+cyclonedx-bom = { group = "org.cyclonedx.bom", name = "org.cyclonedx.bom.gradle.plugin", version.ref = "cyclonedx" }