diff --git a/.github/actions/generate-sbom-composite/action.yml b/.github/actions/generate-sbom-composite/action.yml
new file mode 100644
index 000000000..affa1c1ad
--- /dev/null
+++ b/.github/actions/generate-sbom-composite/action.yml
@@ -0,0 +1,36 @@
+name: "Download SBOM from Github"
+description: "Download the SBOM from Github API"
+author: "valpinkman"
+inputs:
+ owner:
+ default: "LedgerHQ"
+ description: "The owner of the repository"
+ required: true
+ repo:
+ default: "device-sdk-ts"
+ description: "The repository name"
+ required: true
+ token:
+ default: ${{ github.token }}
+ description: "The Github token to use to download the SBOM"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+
+ - name: Download SBOM
+ shell: bash
+ env:
+ GH_TOKEN: ${{ inputs.token }}
+ run: |
+ gh api \
+ -H "Accept: application/vnd.github+json" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ /repos/${{ inputs.owner }}/${{ inputs.repo }}/dependency-graph/sbom > sbom.json
+
+ - name: Upload SBOM
+ uses: actions/upload-artifact@v4
+ with:
+ name: sbom
+ path: sbom.json
diff --git a/.github/workflows/generate_sbom.yml b/.github/workflows/generate_sbom.yml
new file mode 100644
index 000000000..cfd48aab1
--- /dev/null
+++ b/.github/workflows/generate_sbom.yml
@@ -0,0 +1,18 @@
+name: Generate SBOM
+
+on:
+ push:
+ branches:
+ - develop
+ paths:
+ - "pnpm-lock.yaml"
+
+jobs:
+ generate-sbom:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: LedgerHQ/device-sdk-ts/.github/actions/setup-toolchain-composite@develop
+
+ - uses: ./.github/actions/generate-sbom-composite
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0f4ab6375..86f6a9bb3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
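Review bot: `${{ inputs.owner }}` and `${{ inputs.repo }}` are expanded straight into the bash script of the Download SBOM step, so any caller that feeds those inputs from event data (a PR title, a branch name, a fork's repository name) can inject shell commands into the runner; `token` is already passed through `env:`, and the other two should take the same route. Add `OWNER: ${{ inputs.owner }}` and `REPO: ${{ inputs.repo }}` under the step's `env:` and change the request path to `"/repos/${OWNER}/${REPO}/dependency-graph/sbom" > sbom.json`. `actions/upload-artifact@v4` is a floating major tag; for a supply-chain artifact like an SBOM the usual practice is to pin to a full commit SHA with the version in a trailing comment. A comment above the Download SBOM step should also say what is actually fetched, e.g. `# Returns GitHub's dependency-graph SBOM for the repository, not an SBOM built from the checked-out commit` — from this diff alone I cannot confirm which branch or how promptly the dependency graph reflects a push, so callers should not assume it matches HEAD.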
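Review bot: The generate-sbom job declares no `permissions:` block, so it runs with whatever default GITHUB_TOKEN scope the repository grants, while the only thing the token is used for is a read of the dependency-graph SBOM; add `permissions:` with `contents: read` at the job or workflow level so the token is least-privilege. `actions/checkout@v4` and `setup-toolchain-composite@develop` are both mutable refs, and the latter is a branch, so the job's behaviour can change with no change to this file — pin the external action to a commit SHA and the in-repo action to a tag or SHA. The setup-toolchain step is not obviously needed, since the SBOM is downloaded from the API rather than built from the checked-out `pnpm-lock.yaml`; if it is there for consistency only, a one-line comment saying so would stop the next reader from assuming it feeds the SBOM. The `paths` filter fires on lockfile pushes, but I cannot tell from here how quickly GitHub's dependency graph is re-indexed after a push, so the fetched SBOM may lag the lockfile that triggered the run.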
@@ -24,11 +24,8 @@ jobs:
- uses: LedgerHQ/device-sdk-ts/.github/actions/setup-toolchain-composite@develop
- - name: install dependencies
- run: pnpm install
-
- name: build libraries
- run: pnpm build
+ run: pnpm build:libs
- name: Login to internal JFrog registry
id: jfrog-login
diff --git a/.gitignore b/.gitignore
index 0442bd473..82a65631a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,4 +37,7 @@ lib
.eslintcache
# npm config
-.npmrc
\ No newline at end of file
+.npmrc
+
+# sbom
+sbom.json
\ No newline at end of file
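Review bot: Dropping the explicit `pnpm install` makes the build libraries step depend on `setup-toolchain-composite@develop` having installed dependencies, and that action is not visible in this diff; if it does not run `pnpm install --frozen-lockfile`, `pnpm build:libs` fails, and if it installs without `--frozen-lockfile` the release is built from a dependency set that can drift from `pnpm-lock.yaml`. A comment above the step, `# dependencies are installed by setup-toolchain-composite (frozen lockfile)`, would document that contract once it is confirmed. Because this is the release workflow that goes on to log in to the JFrog registry, referencing the toolchain action by the moving `@develop` ref means a release can be built by tooling that changed after the release commit; pinning it to a tag or SHA keeps the build reproducible. The enclosing job starts and ends outside this hunk.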