diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
index 0b158992213..a99ad66a139 100644
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -2,12 +2,11 @@ name: SBOM
 on:
   release:
     types: [published]
-  workflow_dispatch:
           
 permissions: read-all
 
 jobs:
-  sbom:
+  generate-sboms:
     runs-on: ubuntu-latest
     env:
       NPM_CONFIG_UNSAFE_PERM: true
@@ -24,37 +23,57 @@ jobs:
       - name: Bootstrap
         run: npm ci
 
-      - name: Generate SBOM for the whole repository
-        run: |
-          npm sbom --sbom-format=spdx --legacy-peer-deps > opentelemetry-js.spdx
-
-      - name: Generate SBOM for the API package
-        run: |
-          npm sbom --sbom-format=spdx --legacy-peer-deps --workspace api > opentelemetry-js_api.spdx
-
-      - name: Generate SBOMs for packages 
+      - name: Generate SBOM for core packages
+        if: ${{ ! startsWith(github.ref, 'refs/tags/experimental') && ! startsWith(github.ref, 'refs/tags/api') }}
         run: |
           for dir in $(find packages -mindepth 1 -maxdepth 1 -type d)
           do
             dir_name=$(basename "$dir")
             echo "Generating SBOM for $dir_name"
-            npm sbom --sbom-format=spdx --legacy-peer-deps --workspace ${dir} > "opentelemetry-js_${dir_name}.spdx"
+            npm sbom --sbom-format=spdx --legacy-peer-deps --workspace ${dir} > "opentelemetry-js_${dir_name}.spdx.json"
           done
+        
+      - name: Generate SBOM for the API package
+        if: startsWith(github.ref, 'refs/tags/api/')
+        run: |
+          npm sbom --sbom-format=spdx --legacy-peer-deps --workspace api > opentelemetry-js_api.spdx.json
 
       - name: Generate SBOMs for experimental packages 
+        if: startsWith(github.ref, 'refs/tags/experimental/')
         run: |
           for dir in $(find experimental/packages -mindepth 1 -maxdepth 1 -type d)
           do
             dir_name=$(basename "$dir")
             echo "Generating SBOM for $dir_name"
-            npm sbom --sbom-format=spdx --legacy-peer-deps --workspace ${dir} > "opentelemetry-js_${dir_name}.spdx"
+            npm sbom --sbom-format=spdx --legacy-peer-deps --workspace ${dir} > "opentelemetry-js_${dir_name}.spdx.json"
           done
 
       - name: Zip all SBOM files
         run: |
-          zip sbom.zip *.spdx 
+          zip sbom.zip *.spdx.json
 
-      - uses: actions/upload-artifact@v4
-        with: 
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: SBOM.zip
           path: ./sbom.zip
-          name: "SBOM"
+
+  add-release-artifact:
+    needs: generate-sboms
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Download artifact from generate-sboms
+        uses: actions/download-artifact@v4
+        with:
+          name: SBOM.zip
+      - name: Upload release asset
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: ./sbom.zip
+          asset_name: SBOM.zip
+          asset_content_type: application/zip