diff --git a/task/rpm-ostree/0.1/rpm-ostree.yaml b/task/rpm-ostree/0.1/rpm-ostree.yaml
index 55f82de1f4..18be671b52 100644
--- a/task/rpm-ostree/0.1/rpm-ostree.yaml
+++ b/task/rpm-ostree/0.1/rpm-ostree.yaml
@@ -214,6 +214,20 @@ spec:
     volumeMounts:
       - mountPath: /var/lib/containers
         name: varlibcontainers
+  - name: merge-cachi2-sbom
+    image: quay.io/redhat-appstudio/cachi2:0.6.0@sha256:15d0513ed891b1d34fc46e56fdc9f6b457c90fbfd34f6a8c8fce6d3400ddc4a7
+    script: |
+      cachi2_sbom=./cachi2/output/bom.json
+      if [ -f "$cachi2_sbom" ]; then
+        echo "Merging contents of $cachi2_sbom into sbom-cyclonedx.json"
+        /src/utils/merge_syft_sbom.py "$cachi2_sbom" sbom-cyclonedx.json > sbom-temp.json
+        mv sbom-temp.json sbom-cyclonedx.json
+      else
+        echo "Skipping step since no Cachi2 SBOM was produced"
+      fi
+    workingDir: $(workspaces.source.path)
+    securityContext:
+      runAsUser: 0
   - image: quay.io/redhat-appstudio/multi-platform-runner:01c7670e81d5120347cf0ad13372742489985e5f
     # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
     # the cluster will set imagePullPolicy to IfNotPresent