diff --git a/.gitea/workflows/ci-cd.yml b/.gitea/workflows/ci-cd.yml
index e0d267c..9a58103 100644
--- a/.gitea/workflows/ci-cd.yml
+++ b/.gitea/workflows/ci-cd.yml
@@ -121,11 +121,23 @@ jobs:
 cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max
 - name: Generate SBOM
- uses: anchore/sbom-action@v0
- with:
- image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
- format: spdx-json
- output-file: sbom.spdx.json
+ run: |
+ # Install syft
+ curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+
+ # Login to registry (if needed)
+ echo "${{ secrets.HARBOR_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.HARBOR_USERNAME }} --password-stdin
+
+ # Generate SBOM using latest tag
+ syft ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest -o spdx-json > sbom.spdx.json
+
+ # Verify SBOM was created
+ if [ ! -f sbom.spdx.json ]; then
+ echo "Failed to generate SBOM"
+ exit 1
+ fi
+
+ echo "SBOM generated successfully"
 - name: Upload SBOM
 uses: actions/upload-artifact@v3
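Review bot: The `syft` invocation scans `:latest` instead of the `${{ github.sha }}` tag the removed `anchore/sbom-action` step scanned, so the uploaded SBOM can describe whichever image last pushed that tag rather than the one this run built, and the `if [ ! -f sbom.spdx.json ]` guard cannot detect a syft failure because the `>` redirect creates the file before syft runs. The step also replaces a version-pinned action with `curl https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh`, an unversioned installer fetched from a moving branch, and it expands `${{ secrets.HARBOR_TOKEN }}` and `${{ secrets.HARBOR_USERNAME }}` directly into the shell text instead of passing them through `env:`, where a runner's command tracing or error output would not reproduce the template-expanded values. I would scan the sha-tagged image, start the script with `set -euo pipefail` so a failing syft fails the step regardless of the redirect, pin the syft release on the installer command line and in the installer URL, and move the credentials into environment variables; the `jobs:` mapping this step belongs to starts before the hunk and the Upload SBOM step continues after it.
```yaml
      - name: Generate SBOM
        env:
          HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
          HARBOR_TOKEN: ${{ secrets.HARBOR_TOKEN }}
          IMAGE_REF: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
          SYFT_VERSION: "vX.Y.Z"  # pin to a released syft version; review on upgrade
        run: |
          set -euo pipefail
          # Install a pinned syft release rather than whatever main installs today
          curl -sSfL "https://raw.githubusercontent.com/anchore/syft/${SYFT_VERSION}/install.sh" | sh -s -- -b /usr/local/bin "${SYFT_VERSION}"
          # Credentials come from the step environment, not from template expansion into the script body
          echo "${HARBOR_TOKEN}" | docker login "${{ env.REGISTRY }}" -u "${HARBOR_USERNAME}" --password-stdin
          # Scan the image this run built and tagged, not the mutable latest tag
          syft "${IMAGE_REF}" -o spdx-json > sbom.spdx.json
          # … unchanged: existence check and success message …
```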