diff --git a/.github/workflows/anchore-syft.yml b/.github/workflows/anchore-syft.yml
deleted file mode 100644
index 4b687532e..000000000
--- a/.github/workflows/anchore-syft.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-# This workflow checks out code, builds an image, performs a container image
-# scan with Anchore's Syft tool, and uploads the results to the GitHub Dependency
-# submission API.
-
-# For more information on the Anchore sbom-action usage
-# and parameters, see https://github.com/anchore/sbom-action. For more
-# information about the Anchore SBOM tool, Syft, see
-# https://github.com/anchore/syft
-name: Anchore Syft SBOM scan
-
-on:
- push:
- branches: [ "master" ]
-
-permissions:
- contents: write
-
-jobs:
- Anchore-Build-Scan:
- permissions:
- contents: write # required to upload to the Dependency submission API
- runs-on: ubuntu-latest
- steps:
- - name: Checkout the code
- uses: actions/checkout@v4
- - name: Build the Docker image
- run: docker build . --file Dockerfile --tag localbuild/testimage:latest
- - name: Scan the image and upload dependency results
- uses: anchore/sbom-action@bb716408e75840bbb01e839347cd213767269d4a
- with:
- image: "localbuild/testimage:latest"
- artifact-name: image.spdx.json
- dependency-snapshot: true
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
new file mode 100644
index 000000000..8f22a966d
--- /dev/null
+++ b/.github/workflows/sbom.yml
@@ -0,0 +1,81 @@
+name: SBOM Generator
+
+on:
+ push:
+ branches: [master]
+ pull_request:
+ branches: [master]
+
+ workflow_dispatch:
+
+permissions: write-all
+
+jobs:
+ build:
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: "18"
+ check-latest: true
+ cache: 'yarn'
+
+ - name: Install Microsoft SBOM Tool
+ run: |
+ curl -Lo /tmp/sbom-tool https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64
+ chmod +x /tmp/sbom-tool
+
+ - name: Install project dependencies
+ run: yarn install --frozen-lockfile --production
+
+ - name: sbomtool expects a directory to exist to place results in
+ run: |
+ mkdir -p /tmp/sbomtool/directory
+ mkdir -p /tmp/sbomtool/image
+
+ - name: sbomtool directory spdx
+ if: always()
+ run: /tmp/sbom-tool generate -b . -bc . -li true -pm true -m /tmp/sbomtool/directory -pn Heimdall2 -pv 2.10.19 -ps MITRE -nsb https://saf.mitre.org -V Verbose
+
+ - name: bug in cyclonedxcli spdx converter causes a valid field to throw an error, applying a workaround
+ if: always()
+ run: sed 's/PACKAGE-MANAGER/PACKAGE_MANAGER/g' /tmp/sbomtool/directory/_manifest/spdx_2.2/manifest.spdx.json > /tmp/sbomtool/directory/_manifest/spdx_2.2/manifest_fixed.spdx.json
+
+ - run: tree /tmp/sbomtool
+
+ - run: chmod 777 /tmp/sbomtool/directory/_manifest/spdx_2.2/manifest_fixed.spdx.json
+
+ - run: ls -lah /tmp/sbomtool/directory/_manifest/spdx_2.2/manifest_fixed.spdx.json
+
+ - name: sbomtool check permissions in container
+ if: always()
+ run: docker run -t -v /tmp/sbomtool/directory/_manifest/spdx_2.2/manifest_fixed.spdx.json:/tmp/sbomtool_directory.spdx.json -v /tmp/sbomtool/directory.cdx.json:/tmp/sbomtool_directory.cdx.json --entrypoint /bin/bash cyclonedx/cyclonedx-cli:latest -- /bin/ls -lah /tmp
+
+ - name: sbomtool directory spdx converted
+ if: always()
+ run: docker run -t -v 
/tmp/sbomtool/directory/_manifest/spdx_2.2/manifest_fixed.spdx.json:/tmp/sbomtool_directory.spdx.json -v /tmp/sbomtool/directory.cdx.json:/tmp/sbomtool_directory.cdx.json cyclonedx/cyclonedx-cli:latest convert --input-file /tmp/sbomtool_directory.spdx.json --output-file /tmp/sbomtool_directory.cdx.json --input-format spdxjson --output-format json
+
+ - name: Build the Docker image
+ if: always()
+ run: docker build -f Dockerfile -t mitre/heimdall2:throwaway .
+
+ - name: sbomtool image spdx
+ if: always()
+ run: /tmp/sbom-tool generate -di mitre/heimdall2:throwaway -li true -pm true -m /tmp/sbomtool/image -pn Heimdall2 -pv 2.10.19 -ps MITRE -nsb https://saf.mitre.org -V Verbose
+
+ - name: bug in cyclonedxcli spdx converter causes a valid field to throw an error, applying a workaround
+ if: always()
+ run: sed 's/PACKAGE-MANAGER/PACKAGE_MANAGER/g' /tmp/sbomtool/image/_manifest/spdx_2.2/manifest.spdx.json > /tmp/sbomtool/image/_manifest/spdx_2.2/manifest_fixed.spdx.json
+
+ - name: sbomtool image spdx converted
+ if: always()
+ run: docker run -t -v /tmp/sbomtool/image/_manifest/spdx_2.2/manifest_fixed.spdx.json:/tmp/sbomtool_image.spdx.json -v /tmp/sbomtool/image.cdx.json:/tmp/sbomtool_image.cdx.json cyclonedx/cyclonedx-cli:latest convert --input-file /tmp/sbomtool_image.spdx.json --output-file /tmp/sbomtool_image.cdx.json --input-format spdxjson --output-format json
+
+ - uses: actions/upload-artifact@v4
+ if: always()
+ with:
+ path: /tmp/sbomtool
+ name: "MS SBOM Tool experiments"
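Review bot: `permissions: write-all` near the top of the new sbom.yml hands the job's GITHUB_TOKEN every write scope, while the steps that follow only check out the repository, build an image and upload an artifact, none of which needs a write scope; the deleted anchore-syft.yml granted just `contents: write`, and only because it called the Dependency submission API, which nothing in the new file does. I would replace that line with `permissions:` / `  contents: read` at the workflow level, which still allows upload-artifact to run. The Install Microsoft SBOM Tool step then fetches `releases/latest/download/sbom-tool-linux-x64` with curl and executes it without any integrity check, so whatever that redirect serves on a given day becomes the tool that generates the SBOM for master; pinning the URL to a fixed release, e.g. `releases/download/<SBOM_TOOL_VERSION>/sbom-tool-linux-x64`, and adding `echo "<EXPECTED_SHA256>  /tmp/sbom-tool" | sha256sum -c -` after the download would close that. The same applies to the floating `cyclonedx/cyclonedx-cli:latest` image, which could be pinned by digest, and the `@v4` action references are looser than the commit SHA the deleted workflow used for anchore/sbom-action, so the pinning discipline regresses with this change.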