diff --git a/.github/workflows/c4po-ci.yml b/.github/workflows/c4po-ci.yml
index fe89b39..c4c2fca 100644
--- a/.github/workflows/c4po-ci.yml
+++ b/.github/workflows/c4po-ci.yml
@@ -11,7 +11,8 @@ name: "Security C4PO CI"
 on:
 pull_request:
- branches: [ "main" ]
+ # ToDo: Change back to main
+ branches: [ "test" ]
 env:
diff --git a/.github/workflows/c4po-sbom.yml b/.github/workflows/c4po-sbom.yml
new file mode 100644
index 0000000..ec61b80
--- /dev/null
+++ b/.github/workflows/c4po-sbom.yml
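Review bot: Retargeting `pull_request.branches` from `main` to `test` means the "Security C4PO CI" workflow no longer runs for pull requests into `main`, the branch these checks exist to gate, for as long as the `# ToDo: Change back to main` comment stands. If the trigger is needed on `test` to exercise the workflow, keep `main` covered at the same time: `branches: [ "main", "test" ]`, and drop the ToDo once `test` is retired. The hunk shows only the trigger filter; the `env:` mapping that follows it is cut off here.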
@@ -0,0 +1,117 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# GitHub recommends pinning actions to a commit SHA.
+# To get a newer version, you will need to update the SHA.
+# You can also reference a tag or branch, but the action may change without warning.
+
+name: "Supply Chain Security C4PO SBOM Demo"
+
+on:
+ pull_request:
+ branches: [ "main" ]
+
+
+env:
+ ANGULAR_PATH: security-c4po-angular
+ API_PATH: security-c4po-api
+ REPORTING_PATH: security-c4po-reporting
+ CFG_PATH: security-c4po-cfg
+
+ ANGULAR_CLI_VERSION: 13
+
+
+jobs:
+
+ angular_job:
+ name: "Angular SBOM Job"
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: "Check out code"
+ uses: actions/checkout@v3
+
+ - name: "Use Node.js 14.x"
+ uses: actions/setup-node@v1
+ with:
+ node-version: '14.x'
+ cache: 'npm'
+
+ - name: "Install NPM dependencies"
+ run: |
+ cd $ANGULAR_PATH
+ npm ci
+
+ - name: "Build assets"
+ run: |
+ cd $ANGULAR_PATH
+ npm run build --if-present
+
+ - name: "Run tests"
+ run: |
+ cd $ANGULAR_PATH
+ npm test
+
+ - name: "Generate Angular SBOM"
+ id: angular_sbom
+ uses: anchore/sbom-action@v0
+ with:
+ path: './security-c4po-angular'
+ format: cyclonedx-json
+ output-file: '${{ github.event.repository.name }}-angular-sbom.cyclonedx.json'
+ upload-artifact: true
+
+
+
+
+
+
+ reporting_job:
+ name: "Reporting SBOM Job"
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: "Check out code"
+ uses: actions/checkout@v3
+
+ - name: "Set up JDK 11"
+ uses: actions/setup-java@v3
+ with:
+ java-version: '11'
+ distribution: 'temurin'
+
+ - name: "Setup Gradle"
+ uses: gradle/gradle-build-action@v2
+ with:
+ gradle-version: 6.5
+
+ - name: "Execute Gradle build"
+ run: |
+ cd $REPORTING_PATH
+ ./gradlew clean build
+
+ - name: "Generate Reporting SBOM"
+ id: reporting_sbom
+ uses: anchore/sbom-action@v0
+ with:
+ path: './security-c4po-reporting'
+ format: cyclonedx-json
+ output-file: "${{ github.event.repository.name }}-reporting-sbom.cyclonedx.json"
+ upload-artifact: true
+
+ # Working version to generate & analyse SBOMs
+ # Might be not good for company data
+ - name: "Generate SBOM"
+ id: sbom_generation
+ uses: codenotary/sbom.sh-create@main
+ with:
+ scan_type: 'grypefs'
+ target: './security-c4po-reporting' # . -> Assuming you want to scan the entire repository
+
+ - name: Output SBOM URL
+ run: echo "The SBOM can be found at $SBOM_SHARE_URL"
\ No newline at end of file
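Review bot: The `Generate SBOM` step near the end of `reporting_job` runs `codenotary/sbom.sh-create@main`, a third-party action resolved from a mutable branch rather than the commit SHA the file's own header recommends, and the following `Output SBOM URL` step echoing `$SBOM_SHARE_URL` suggests the reporting module's dependency inventory is published to an external share — the adjacent `# Might be not good for company data` comment concedes as much. Pin it (`uses: codenotary/sbom.sh-create@<full commit SHA>`) and make an explicit decision about shipping SBOMs off-site on every `pull_request`, including ones opened from forks, or drop the step, since the preceding `Generate Reporting SBOM` step with `anchore/sbom-action` already produces and uploads the CycloneDX artifact. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` inherits the repository default; checkout plus artifact upload should need only a top-level `permissions:` mapping with `contents: read`. Separately, `actions/setup-node@v1` in `angular_job` predates the `cache` input, so `cache: 'npm'` is most likely ignored with an unexpected-input warning — `actions/setup-node@v3` would match the `checkout@v3`/`setup-java@v3` already used here.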