diff --git a/.github/workflows/deptrack-test-workflow.yml b/.github/workflows/deptrack-test-workflow.yml
new file mode 100644
index 0000000000..e14f30fdcd
--- /dev/null
+++ b/.github/workflows/deptrack-test-workflow.yml
@@ -0,0 +1,40 @@
+name: 'Deptrack deploy'
+
+on:
+ push:
+ branches: [ production ]
+
+jobs:
+ generate-and-push-sbom:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+
+ - name: Install cdxgen
+ working-directory: frontend
+ run: npm install -g @cyclonedx/cdxgen@8.6.0
+
+ - name: 'Generate SBOM for maven dependencies'
+ working-directory: backend
+ run: mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom
+
+ - name: 'Generate SBOM for npm dependencies'
+ working-directory: frontend
+ run: cdxgen -o ../sbom-npm.xml -t npm .
+
+ - name: 'Merge frontend and backend SBOMs'
+ run: |
+ docker run --rm -v $(pwd):/data cyclonedx/cyclonedx-cli merge --input-files data/backend/target/bom.xml data/sbom-npm.xml --output-file data/sbom.xml
+
+ - name: 'Push merged SBOM to dependency track'
+ env:
+ PROJECT_NAME: okr-production
+ run: |
+ curl --verbose -s --location --request POST ${{ secrets.DEPENDENCY_TRACK_URL }} \
+ --header "X-Api-Key: ${{ secrets.SECRET_OWASP_DT_KEY }}" \
+ --header "Content-Type: multipart/form-data" \
+ --form "autoCreate=true" \
+ --form "projectName=${PROJECT_NAME:-$GITHUB_REPOSITORY}" \
+ --form "projectVersion=latest" \
+ --form "bom=@sbom.xml"
\ No newline at end of file
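Review bot: The final step's `curl --verbose` writes the outgoing request headers, including `X-Api-Key`, to the job log, so log masking is the only thing keeping the Dependency-Track key out of it. Without `--fail`, an HTTP 401 or 500 from the server also leaves the step green. I would replace `--verbose -s` with `--fail --silent --show-error`, and map both secrets through the step's `env:` (for example `DT_API_KEY: ${{ secrets.SECRET_OWASP_DT_KEY }}`) so the script references a quoted `"$DT_API_KEY"` instead of having the secret text substituted into the shell source. The merge step pulls `cyclonedx/cyclonedx-cli` with no tag or digest, unlike cdxgen which is pinned to 8.6.0, so the tool that assembles the SBOM can change between runs; pinning it to a digest would make the job reproducible. The workflow also declares no `permissions:` block; `contents: read` looks sufficient for these steps.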
diff --git a/backend/pom.xml b/backend/pom.xml
index 4b5f99755b..6558c2e439 100644
--- a/backend/pom.xml
+++ b/backend/pom.xml
@@ -100,7 +100,7 @@
cyclonedx-maven-plugin
2.9.1
- 1.4
+ 1.6