diff --git a/.github/workflows/github-actions.yml b/.github/workflows/github-actions.yml
index 3f5b1d2b..b5acc8c3 100644
--- a/.github/workflows/github-actions.yml
+++ b/.github/workflows/github-actions.yml
@@ -34,6 +34,10 @@ on:
     branches:
       - '**' #        '*' matches zero or more characters but does not match the `/` character    '**' matches zero or more of any character
 
+  pull_request: # we need to build on pull requests so that we can generate and upload the sbom before merging onto main/develop branches
+    branches:
+      - '**'
+
 
 jobs:
   
@@ -68,35 +72,37 @@ jobs:
       - name: '🏗 📦 Build, Pack & Announce New Release (if appropriate)'
         shell: 'bash'
         run: |
-          cd    "${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts"                                                                                                       \
-                     &&                                                                                                                                                      \
-          echo  "${{env.SCL_DEPENDENCY_TRACKER_SIGNING_PRIVATE_KEY}}"  >  "${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts/dependency_tracker_private_signing_key.ppk"  \
-                     &&                                                                                                                                                      \
-          dotnet                                                                                                                                                             \
-             msbuild                                                                                                                                                         \
-             "Laerdal.Builder.targets"                                                                                                                                       \
-             -m:1                                                                                                                                                            \
-             -p:Should_Skip_MacCatalyst="false"                                                                                                                              \
-                                                                                                                                                                             \
-                                                  -p:PackageOutputPath="${{env.BUILD_REPOSITORY_FOLDERPATH}}/Artifacts"                                                      \
-                                                -p:Laerdal_Gradle_Path="/opt/homebrew/opt/gradle@7/bin/gradle"                                                               \
-                                              -p:Laerdal_Source_Branch="${{env.LAERDAL_SOURCE_BRANCH}}"                                                                      \
-                                            -p:Laerdal_Repository_Path="${{env.LAERDAL_REPOSITORY_PATH}}"                                                                    \
-                                        -p:Laerdal_Github_Access_Token="${{env.SCL_GITHUB_ACCESS_TOKEN}}"                                                                    \
-                                    -p:Laerdal_Test_Results_Folderpath="${{env.BUILD_REPOSITORY_FOLDERPATH}}/TestResults"                                                    \
-                                                                                                                                                                             \
-                                            -p:Laerdal_CycloneCLI_Path="${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts/cyclonedx"                                      \
-                                 -p:Laerdal_Dependency_Tracker_Api_Key="${{env.SCL_DEPENDENCY_TRACKER_API_KEY}}"                                                             \
-                              -p:Laerdal_Dependency_Tracker_Server_Url="${{env.SCL_DEPENDENCY_TRACKER_SERVER_URL}}"                                                          \
-                -p:Laerdal_Dependency_Tracker_Private_Signing_Key_Path="${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts/dependency_tracker_private_signing_key.ppk"     \
-                                                                                                                                                                             \
-                                 -p:Laerdal_Bindings_iOS___Sdk_Version="${{env.BINDINGS_IOS___SDK_VERSION}}"                                                                 \
-                          -p:Laerdal_Bindings_iOS___Xcode_Ide_Dev_Path="${{env.BINDINGS_IOS___XCODE_IDE_DEV_PATH}}"                                                          \
-                                                                                                                                                                             \
-                         -p:Laerdal_Bindings_MacCatalyst___Sdk_Version="${{env.BINDINGS_MACCATALYST___SDK_VERSION}}"                                                         \
-                  -p:Laerdal_Bindings_MacCatalyst___Xcode_Ide_Dev_Path="${{env.BINDINGS_MACCATALYST___XCODE_IDE_DEV_PATH}}"                                                  \
-                   &&                                                                                                                                                        \
-          rm   "${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts/dependency_tracker_private_signing_key.ppk"
+          cd    "${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts"                                                                                                             \
+                     &&                                                                                                                                                            \
+          echo  "${{env.SCL_DEPENDENCY_TRACKER_API_KEY}}"              >  "./dependency_tracker_api_key.ppk"                                                                       \
+                     &&                                                                                                                                                            \
+          echo  "${{env.SCL_DEPENDENCY_TRACKER_SIGNING_PRIVATE_KEY}}"  >  "./dependency_tracker_private_signing_key.ppk"                                                           \
+                     &&                                                                                                                                                            \
+          dotnet                                                                                                                                                                   \
+             msbuild                                                                                                                                                               \
+             "Laerdal.Builder.targets"                                                                                                                                             \
+             -m:1                                                                                                                                                                  \
+             -p:Should_Skip_MacCatalyst="false"                                                                                                                                    \
+                                                                                                                                                                                   \
+                                                        -p:PackageOutputPath="${{env.BUILD_REPOSITORY_FOLDERPATH}}/Artifacts"                                                      \
+                                                      -p:Laerdal_Gradle_Path="/opt/homebrew/opt/gradle@7/bin/gradle"                                                               \
+                                                    -p:Laerdal_Source_Branch="${{env.LAERDAL_SOURCE_BRANCH}}"                                                                      \
+                                                  -p:Laerdal_Repository_Path="${{env.LAERDAL_REPOSITORY_PATH}}"                                                                    \
+                                              -p:Laerdal_Github_Access_Token="${{env.SCL_GITHUB_ACCESS_TOKEN}}"                                                                    \
+                                          -p:Laerdal_Test_Results_Folderpath="${{env.BUILD_REPOSITORY_FOLDERPATH}}/TestResults"                                                    \
+                                                                                                                                                                                   \
+                                                  -p:Laerdal_CycloneCLI_Path="${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts/cyclonedx"                                      \
+                                    -p:Laerdal_Dependency_Tracker_Server_Url="${{env.SCL_DEPENDENCY_TRACKER_SERVER_URL}}"                                                          \
+                             -p:Laerdal_Dependency_Tracker_Api_Key_File_Path="${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts/dependency_tracker_api_key.ppk"                 \
+                 -p:Laerdal_Dependency_Tracker_Private_Signing_Key_File_Path="${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts/dependency_tracker_private_signing_key.ppk"     \
+                                                                                                                                                                                   \
+                                       -p:Laerdal_Bindings_iOS___Sdk_Version="${{env.BINDINGS_IOS___SDK_VERSION}}"                                                                 \
+                                -p:Laerdal_Bindings_iOS___Xcode_Ide_Dev_Path="${{env.BINDINGS_IOS___XCODE_IDE_DEV_PATH}}"                                                          \
+                                                                                                                                                                                   \
+                               -p:Laerdal_Bindings_MacCatalyst___Sdk_Version="${{env.BINDINGS_MACCATALYST___SDK_VERSION}}"                                                         \
+                        -p:Laerdal_Bindings_MacCatalyst___Xcode_Ide_Dev_Path="${{env.BINDINGS_MACCATALYST___XCODE_IDE_DEV_PATH}}"                                                  \
+                   &&                                                                                                                                                              \
+          rm   "./dependency_tracker_private_signing_key.ppk"    "./dependency_tracker_api_key.ppk"
 
       - name: '📡 Publish Test Results' # https://github.com/marketplace/actions/publish-test-results
         uses: 'EnricoMi/publish-unit-test-result-action/macos@v2'
diff --git a/Laerdal.McuMgr.sln b/Laerdal.McuMgr.sln
index 8252dce1..1b1732cf 100644
--- a/Laerdal.McuMgr.sln
+++ b/Laerdal.McuMgr.sln
@@ -11,6 +11,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "_Misc", "_Misc", "{2459FC0F
 		global.json = global.json
 		Laerdal.SetupBuildEnvironment.sh = Laerdal.Scripts\Laerdal.SetupBuildEnvironment.sh
 		.github\workflows\github-actions.yml = .github\workflows\github-actions.yml
+		Laerdal.Scripts\Laerdal.GenerateSignAndUploadSbom.sh = Laerdal.Scripts\Laerdal.GenerateSignAndUploadSbom.sh
 	EndProjectSection
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Laerdal.McuMgr", "Laerdal.McuMgr\Laerdal.McuMgr.csproj", "{4E2952A5-394E-4184-8E12-F2D5342A43B2}"
diff --git a/Laerdal.Scripts/Laerdal.Builder.targets b/Laerdal.Scripts/Laerdal.Builder.targets
index d1effe08..778ac892 100644
--- a/Laerdal.Scripts/Laerdal.Builder.targets
+++ b/Laerdal.Scripts/Laerdal.Builder.targets
@@ -50,7 +50,9 @@
         <!-- https://docs.gitlab.com/ee/ci/variables/predefined_variables.html                                                                             -->
         <!-- https://help.github.com/en/actions/configuring-and-managing-workflows/using-environment-variables                                             -->
         <!-- https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml&WT.mc_id=DT-MVP-5003978#system-variables -->
-        <Is_CI_Build Condition=" '$(Is_CI_Build)' == ''  and  ( '$(TF_BUILD)' == 'true'  or  '$(GITHUB_ACTIONS)' == 'true'  or  '$(GITLAB_CI)' == 'true' ) ">true</Is_CI_Build>
+        <Is_CI_Build Condition="     '$(TF_BUILD)' == 'true'  or  '$(GITHUB_ACTIONS)' == 'true'  or  '$(GITLAB_CI)' == 'true' ">true</Is_CI_Build>
+        <Is_Core_Branch Condition="  '$(Laerdal_Source_Branch)' == 'refs/heads/main'  or  '$(Laerdal_Source_Branch)' == 'refs/heads/develop' ">true</Is_Core_Branch>
+        <Is_Pull_Request Condition=" '$(Laerdal_Source_Branch.StartsWith(refs/pull))' == 'true'  and  '$(Laerdal_Source_Branch.EndsWith(/merge))' == 'true' ">true</Is_Pull_Request>
 
         <Should_Skip_MacCatalyst Condition=" '$(Should_Skip_MacCatalyst)' == '' ">false</Should_Skip_MacCatalyst>
 
@@ -63,11 +65,13 @@
         <!--                                                                                                                                                                                                                               -->
         <!-- <Laerdal_Bindings_MacCatalyst___Sdk_Version Condition="        '$(Laerdal_Bindings_MacCatalyst___Sdk_Version)'        == '' ">14.2</Laerdal_Bindings_MacCatalyst___Sdk_Version>                                               -->
         <!-- <Laerdal_Bindings_MacCatalyst___Xcode_Ide_Dev_Path Condition=" '$(Laerdal_Bindings_MacCatalyst___Xcode_Ide_Dev_Path)' == '' ">/Applications/Xcode.app/Contents/Developer</Laerdal_Bindings_MacCatalyst___Xcode_Ide_Dev_Path>  -->
-
+        
         <Laerdal_Gradle_Path Condition="             '$(Laerdal_Gradle_Path)'            == '' ">gradle</Laerdal_Gradle_Path>
         <Laerdal_Source_Branch Condition="           '$(Laerdal_Source_Branch)'          == '' ">$(BUILD_SOURCEBRANCH)</Laerdal_Source_Branch>
         <Laerdal_Repository_Path Condition="         '$(Laerdal_Repository_Path)'        == '' ">$(BUILD_REPOSITORY_NAME)</Laerdal_Repository_Path>
-        <Laerdal_Should_Tag_And_Release Condition="  '$(Laerdal_Should_Tag_And_Release)' == ''  AND  ( '$(Laerdal_Source_Branch)' == 'refs/heads/main'  OR  '$(Laerdal_Source_Branch)' == 'refs/heads/master'  OR  '$(Laerdal_Source_Branch)' == 'refs/heads/develop' ) ">True</Laerdal_Should_Tag_And_Release>
+
+        <Laerdal_Should_Tag_And_Release Condition="             '$(Laerdal_Should_Tag_And_Release)'           == ''  and  ( '$(Is_Core_Branch)' == 'true'                                     ) ">True</Laerdal_Should_Tag_And_Release>
+        <Laerdal_Should_Generate_and_Upload_Sbom   Condition="  '$(Laerdal_Should_Generate_and_Upload_Sbom)'  == ''  and  ( '$(Is_Core_Branch)' == 'true'  or  '$(Is_Pull_Request)' == 'true' ) ">True</Laerdal_Should_Generate_and_Upload_Sbom>
 
         <Laerdal_McuMgr_ProjectFile>$([System.IO.Path]::Combine($(Laerdal_RootDirectory_Folderpath), `Laerdal.McuMgr`, `Laerdal.McuMgr.csproj`))</Laerdal_McuMgr_ProjectFile>
         <Laerdal_McuMgrBindings_ProjectFile_iOS>$([System.IO.Path]::Combine($(Laerdal_RootDirectory_Folderpath), `Laerdal.McuMgr.Bindings.iOS`, `Laerdal.McuMgr.Bindings.iOS.csproj`))</Laerdal_McuMgrBindings_ProjectFile_iOS>
@@ -312,17 +316,16 @@
               WorkingDirectory="$(Laerdal_RootDirectory_Folderpath)"/>
     </Target>
 
-    <!-- SBOM -->
+    <!-- GENERATE + UPLOAD SBOM -->
     <Target Name="GenerateSBOM"
-            Condition=" '$(Laerdal_Should_Tag_And_Release)' == 'True' "
-            AfterTargets="CreateGithubReleaseWithTag">
-
-        <Error Condition=" '$(PackageOutputPath)'                                   == '' " Text="'PackageOutputPath' has to be set. Please call this script again with the argument '/p:PackageOutputPath=...'"/>
+            Condition=" '$(Laerdal_Should_Generate_and_Upload_Sbom)' == 'True' "
+            AfterTargets="BuildProjects">
 
-        <Error Condition=" '$(Laerdal_Version_Full)'                                == '' " Text="'Laerdal_Version_Full' has to be set. Please call this script again with the argument '/p:Laerdal_Version_Full=...'"/>
-        <Error Condition=" '$(Laerdal_CycloneCLI_Path)'                             == '' " Text="'Laerdal_CycloneCLI_Path' has to be set. Please call this script again with the argument '/p:Laerdal_CycloneCLI_Path=...'"/>
-        <Error Condition=" '$(Laerdal_Dependency_Tracker_Api_Key)'                  == '' " Text="'Laerdal_Dependency_Tracker_Api_Key' has to be set. Please call this script again with the argument '/p:Laerdal_Dependency_Tracker_Api_Key=...'"/>
-        <Error Condition=" '$(Laerdal_Dependency_Tracker_Private_Signing_Key_Path)' == '' " Text="'Laerdal_Dependency_Tracker_Private_Signing_Key_Path' has to be set. Please call this script again with the argument '/p:Laerdal_Dependency_Tracker_Private_Signing_Key_Path=...'"/>
+        <Error Condition=" '$(PackageOutputPath)'                                        == '' " Text="'PackageOutputPath' has to be set. Please call this script again with the argument '/p:PackageOutputPath=...'"/>
+        <Error Condition=" '$(Laerdal_Version_Full)'                                     == '' " Text="'Laerdal_Version_Full' has to be set. Please call this script again with the argument '/p:Laerdal_Version_Full=...'"/>
+        <Error Condition=" '$(Laerdal_CycloneCLI_Path)'                                  == '' " Text="'Laerdal_CycloneCLI_Path' has to be set. Please call this script again with the argument '/p:Laerdal_CycloneCLI_Path=...'"/>
+        <Error Condition=" '$(Laerdal_Dependency_Tracker_Api_Key_File_Path)'             == '' " Text="'Laerdal_Dependency_Tracker_Api_Key_File_Path' has to be set. Please call this script again with the argument '/p:Laerdal_Dependency_Tracker_Api_Key_File_Path=...'"/>
+        <Error Condition=" '$(Laerdal_Dependency_Tracker_Private_Signing_Key_File_Path)' == '' " Text="'Laerdal_Dependency_Tracker_Private_Signing_Key_File_Path' has to be set. Please call this script again with the argument '/p:Laerdal_Dependency_Tracker_Private_Signing_Key_File_Path=...'"/>
 
         <Error Condition=" '$(Laerdal_McuMgr_ProjectFile)'                          == '' " Text="'Laerdal_McuMgr_ProjectFile' has to be set. Please call this script again with the argument '/p:Laerdal_McuMgr_ProjectFile=...'"/>
         <Error Condition=" '$(Laerdal_McuMgrBindings_ProjectFile_iOS)'              == '' " Text="'Laerdal_McuMgrBindings_ProjectFile_iOS' has to be set. Please call this script again with the argument '/p:Laerdal_McuMgrBindings_ProjectFile_iOS=...'"/>
@@ -340,39 +343,28 @@
             <_Laerdal_Command___Generate_SBOM>$(_Laerdal_Command___Generate_SBOM) --output &quot;$(PackageOutputPath)&quot;</_Laerdal_Command___Generate_SBOM>
             <_Laerdal_Command___Generate_SBOM>$(_Laerdal_Command___Generate_SBOM) --set-version &quot;$(Laerdal_Version_Full)&quot;</_Laerdal_Command___Generate_SBOM>
         </PropertyGroup>
+        
 
-        <!-- we intentionally avoided using WorkingDirectory="$(Laerdal_Script_FolderPath)" because our settings file enforces net8 but cyclonedx runs on net6 and net7 -->
-        <Message Importance="High" Text="** Generating SBOMs:"/>
-        <Exec Command=" $(_Laerdal_Command___Generate_SBOM)   --filename &quot;mcumgr.xml&quot;               &quot;$(Laerdal_McuMgr_ProjectFile)&quot;                      " ConsoleToMSBuild="true"/>
-        <Exec Command=" $(_Laerdal_Command___Generate_SBOM)   --filename &quot;mcumgr.ios.xml&quot;           &quot;$(Laerdal_McuMgrBindings_ProjectFile_iOS)&quot;          " ConsoleToMSBuild="true"/>
-        <Exec Command=" $(_Laerdal_Command___Generate_SBOM)   --filename &quot;mcumgr.android.xml&quot;       &quot;$(Laerdal_McuMgrBindings_ProjectFile_Android)&quot;      " ConsoleToMSBuild="true"/>
-        <Exec Command=" $(_Laerdal_Command___Generate_SBOM)   --filename &quot;mcumgr.maccatalyst.xml&quot;   &quot;$(Laerdal_McuMgrBindings_ProjectFile_MacCatalyst)&quot;  " ConsoleToMSBuild="true"/>
-        <Exec Command=" $(_Laerdal_Command___Generate_SBOM)   --filename &quot;mcumgr.netstandard.xml&quot;   &quot;$(Laerdal_McuMgrBindings_ProjectFile_NetStandard)&quot;  " ConsoleToMSBuild="true"/>
-
-        <Message Importance="High" Text="** Signing SBOMs:"/>
-        <Exec Command=" &quot;$(Laerdal_CycloneCLI_Path)&quot;   sign   bom    &quot;$([System.IO.Path]::Combine( $(PackageOutputPath), 'mcumgr.xml' ))&quot;              --key-file    &quot;$(Laerdal_Dependency_Tracker_Private_Signing_Key_Path)&quot;  " ConsoleToMSBuild="true"/>
-        <Exec Command=" &quot;$(Laerdal_CycloneCLI_Path)&quot;   sign   bom    &quot;$([System.IO.Path]::Combine( $(PackageOutputPath), 'mcumgr.ios.xml' ))&quot;          --key-file    &quot;$(Laerdal_Dependency_Tracker_Private_Signing_Key_Path)&quot;  " ConsoleToMSBuild="true"/>
-        <Exec Command=" &quot;$(Laerdal_CycloneCLI_Path)&quot;   sign   bom    &quot;$([System.IO.Path]::Combine( $(PackageOutputPath), 'mcumgr.android.xml' ))&quot;      --key-file    &quot;$(Laerdal_Dependency_Tracker_Private_Signing_Key_Path)&quot;  " ConsoleToMSBuild="true"/>
-        <Exec Command=" &quot;$(Laerdal_CycloneCLI_Path)&quot;   sign   bom    &quot;$([System.IO.Path]::Combine( $(PackageOutputPath), 'mcumgr.maccatalyst.xml' ))&quot;  --key-file    &quot;$(Laerdal_Dependency_Tracker_Private_Signing_Key_Path)&quot;  " ConsoleToMSBuild="true"/>
-        <Exec Command=" &quot;$(Laerdal_CycloneCLI_Path)&quot;   sign   bom    &quot;$([System.IO.Path]::Combine( $(PackageOutputPath), 'mcumgr.netstandard.xml' ))&quot;  --key-file    &quot;$(Laerdal_Dependency_Tracker_Private_Signing_Key_Path)&quot;  " ConsoleToMSBuild="true"/>
-
-        <!-- https://docs.dependencytrack.org/usage/cicd/#large-payloads   notice that we are forced to target                -->
-        <!-- /api/api/v1/bom instead of /api/v1/bom due to an inherent misconfiguration of laerdal's dependency-track server  -->
-        <Message Importance="High" Text="** Uploading SBOMs:"/>
         <PropertyGroup>
-            <_Laerdal_Command___Upload_SBOM>$(_Laerdal_Command___Upload_SBOM) curl &quot;$(Laerdal_Dependency_Tracker_Server_Url)&quot;</_Laerdal_Command___Upload_SBOM>
-            <_Laerdal_Command___Upload_SBOM>$(_Laerdal_Command___Upload_SBOM) --location</_Laerdal_Command___Upload_SBOM>
-            <_Laerdal_Command___Upload_SBOM>$(_Laerdal_Command___Upload_SBOM) --request &quot;POST&quot;</_Laerdal_Command___Upload_SBOM>
-            <_Laerdal_Command___Upload_SBOM>$(_Laerdal_Command___Upload_SBOM) --header &quot;Content-Type: multipart/form-data&quot;</_Laerdal_Command___Upload_SBOM>
-            <_Laerdal_Command___Upload_SBOM>$(_Laerdal_Command___Upload_SBOM) --header &quot;X-API-Key: $(Laerdal_Dependency_Tracker_Api_Key)&quot;</_Laerdal_Command___Upload_SBOM>
-            <_Laerdal_Command___Upload_SBOM>$(_Laerdal_Command___Upload_SBOM) --form &quot;autoCreate=true&quot;</_Laerdal_Command___Upload_SBOM>
-            <_Laerdal_Command___Upload_SBOM>$(_Laerdal_Command___Upload_SBOM) --form &quot;projectVersion=$(Laerdal_Version_Full)&quot;</_Laerdal_Command___Upload_SBOM>
+            <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters)  --project-version &quot;$(Laerdal_Version_Assembly)&quot;</_Laerdal_Sbom_Script_Parameters>            
+            <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters)  --output-directory-path &quot;$(PackageOutputPath)&quot;</_Laerdal_Sbom_Script_Parameters>
+            <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters)  --sbom-signing-key-file-path &quot;$(Laerdal_Dependency_Tracker_Private_Signing_Key_File_Path)&quot;</_Laerdal_Sbom_Script_Parameters>
+
+            <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters)  --dependency-tracker-url &quot;$(Laerdal_Dependency_Tracker_Server_Url)&quot;</_Laerdal_Sbom_Script_Parameters>
+            <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters)  --dependency-tracker-api-key-file-path &quot;$(Laerdal_Dependency_Tracker_Api_Key_File_Path)&quot;</_Laerdal_Sbom_Script_Parameters>
+
+            <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters)  --csproj-classifier &quot;Library&quot;</_Laerdal_Sbom_Script_Parameters>
         </PropertyGroup>
-        <Exec Command=" $(_Laerdal_Command___Upload_SBOM)   --form  &quot;bom=@$([System.IO.Path]::Combine( $(PackageOutputPath), 'mcumgr.xml'             ))&quot;   --form  &quot;classifier=CONTAINER&quot;   --form &quot;projectName=scl-mcumgr&quot;                                                                                                                      " ConsoleToMSBuild="true"/>
-        <Exec Command=" $(_Laerdal_Command___Upload_SBOM)   --form  &quot;bom=@$([System.IO.Path]::Combine( $(PackageOutputPath), 'mcumgr.ios.xml'         ))&quot;   --form  &quot;classifier=LIBRARY&quot;     --form &quot;projectName=scl-mcumgr-ios&quot;            --form  &quot;parentName=scl-mcumgr&quot;  --form  &quot;parentVersion=$(Laerdal_Version_Full)&quot;  " ConsoleToMSBuild="true"/>
-        <Exec Command=" $(_Laerdal_Command___Upload_SBOM)   --form  &quot;bom=@$([System.IO.Path]::Combine( $(PackageOutputPath), 'mcumgr.android.xml'     ))&quot;   --form  &quot;classifier=LIBRARY&quot;     --form &quot;projectName=scl-mcumgr-android&quot;        --form  &quot;parentName=scl-mcumgr&quot;  --form  &quot;parentVersion=$(Laerdal_Version_Full)&quot;  " ConsoleToMSBuild="true"/>
-        <Exec Command=" $(_Laerdal_Command___Upload_SBOM)   --form  &quot;bom=@$([System.IO.Path]::Combine( $(PackageOutputPath), 'mcumgr.maccatalyst.xml' ))&quot;   --form  &quot;classifier=LIBRARY&quot;     --form &quot;projectName=scl-mcumgr-maccatalyst&quot;    --form  &quot;parentName=scl-mcumgr&quot;  --form  &quot;parentVersion=$(Laerdal_Version_Full)&quot;  " ConsoleToMSBuild="true"/>
-        <Exec Command=" $(_Laerdal_Command___Upload_SBOM)   --form  &quot;bom=@$([System.IO.Path]::Combine( $(PackageOutputPath), 'mcumgr.netstandard.xml' ))&quot;   --form  &quot;classifier=LIBRARY&quot;     --form &quot;projectName=scl-mcumgr-netstandard&quot;    --form  &quot;parentName=scl-mcumgr&quot;  --form  &quot;parentVersion=$(Laerdal_Version_Full)&quot;  " ConsoleToMSBuild="true"/>
+
+        <!-- https://docs.dependencytrack.org/usage/cicd/#large-payloads   also notice that we are forced to target           -->
+        <!-- /api/api/v1/bom instead of /api/v1/bom due to an inherent misconfiguration of laerdal's dependency-track server  -->
+        <Message Importance="High" Text="** Generating, Singing and Uploading SBOMs:"/>
+
+        <Exec Command="   bash    Laerdal.GenerateSignAndUploadSbom.sh     $(_Laerdal_Sbom_Script_Parameters)  --csproj-file-path &quot;$(Laerdal_McuMgr_ProjectFile)&quot;                      --project-name &quot;scl-mcumgr&quot;              --output-sbom-file-name &quot;sbom.laerdal.mcumgr.xml&quot;              " ConsoleToMSBuild="true" WorkingDirectory="$(Laerdal_Script_FolderPath)"/>
+        <Exec Command="   bash    Laerdal.GenerateSignAndUploadSbom.sh     $(_Laerdal_Sbom_Script_Parameters)  --csproj-file-path &quot;$(Laerdal_McuMgrBindings_ProjectFile_iOS)&quot;          --project-name &quot;scl-mcumgr-ios&quot;          --output-sbom-file-name &quot;sbom.laerdal.mcumgr.ios.xml&quot;          --parent-project-name &quot;scl-mcumgr&quot;  --parent-project-version &quot;$(Laerdal_Version_Assembly)&quot;   " ConsoleToMSBuild="true" WorkingDirectory="$(Laerdal_Script_FolderPath)"/>
+        <Exec Command="   bash    Laerdal.GenerateSignAndUploadSbom.sh     $(_Laerdal_Sbom_Script_Parameters)  --csproj-file-path &quot;$(Laerdal_McuMgrBindings_ProjectFile_Android)&quot;      --project-name &quot;scl-mcumgr-android&quot;      --output-sbom-file-name &quot;sbom.laerdal.mcumgr.android.xml&quot;      --parent-project-name &quot;scl-mcumgr&quot;  --parent-project-version &quot;$(Laerdal_Version_Assembly)&quot;   " ConsoleToMSBuild="true" WorkingDirectory="$(Laerdal_Script_FolderPath)"/>
+        <Exec Command="   bash    Laerdal.GenerateSignAndUploadSbom.sh     $(_Laerdal_Sbom_Script_Parameters)  --csproj-file-path &quot;$(Laerdal_McuMgrBindings_ProjectFile_MacCatalyst)&quot;  --project-name &quot;scl-mcumgr-maccatalyst&quot;  --output-sbom-file-name &quot;sbom.laerdal.mcumgr.maccatalyst.xml&quot;  --parent-project-name &quot;scl-mcumgr&quot;  --parent-project-version &quot;$(Laerdal_Version_Assembly)&quot;   " ConsoleToMSBuild="true" WorkingDirectory="$(Laerdal_Script_FolderPath)"/>
+        <Exec Command="   bash    Laerdal.GenerateSignAndUploadSbom.sh     $(_Laerdal_Sbom_Script_Parameters)  --csproj-file-path &quot;$(Laerdal_McuMgrBindings_ProjectFile_NetStandard)&quot;  --project-name &quot;scl-mcumgr-netstandard&quot;  --output-sbom-file-name &quot;sbom.laerdal.mcumgr.netstandard.xml&quot;  --parent-project-name &quot;scl-mcumgr&quot;  --parent-project-version &quot;$(Laerdal_Version_Assembly)&quot;   " ConsoleToMSBuild="true" WorkingDirectory="$(Laerdal_Script_FolderPath)"/>
 
     </Target>
 
diff --git a/Laerdal.Scripts/Laerdal.GenerateSignAndUploadSbom.sh b/Laerdal.Scripts/Laerdal.GenerateSignAndUploadSbom.sh
new file mode 100644
index 00000000..94b41001
--- /dev/null
+++ b/Laerdal.Scripts/Laerdal.GenerateSignAndUploadSbom.sh
@@ -0,0 +1,248 @@
+#!/bin/bash
+
+# set -x
+
+declare project_name=""
+declare project_version=""
+
+declare parent_project_name=""
+declare parent_project_version=""
+
+declare csproj_file_path=""
+declare csproj_classifier=""
+declare output_directory_path=""
+declare output_sbom_file_name=""
+declare sbom_signing_key_file_path=""
+
+declare dependency_tracker_url=""
+declare dependency_tracker_api_key_file_path=""
+
+
+function parse_arguments() {
+
+  while [[ $# -gt 0 ]]; do
+    case $1 in
+    
+    --project-name)
+      project_name="$2"
+      shift
+      ;;
+    
+    --project-version)
+      project_version="$2"
+      shift
+      ;;
+    
+    --parent-project-name)
+      parent_project_name="$2"
+      shift
+      ;;
+
+    --parent-project-version)
+      parent_project_version="$2"
+      shift
+      ;;
+
+    --csproj-file-path)
+      csproj_file_path="$2"
+      shift
+      ;;
+
+    --csproj-classifier)
+      csproj_classifier="$2"
+      shift
+      ;;
+
+    --output-directory-path)
+      output_directory_path="$2"
+      shift
+      ;;
+    
+    --output-sbom-file-name)
+      output_sbom_file_name="$2"
+      shift
+      ;;
+
+    --sbom-signing-key-file-path)
+      sbom_signing_key_file_path="$2"
+      shift
+      ;;
+
+    --dependency-tracker-url)
+      dependency_tracker_url="$2"
+      shift
+      ;;
+
+    --dependency-tracker-api-key-file-path)
+      dependency_tracker_api_key_file_path="$2"
+      shift
+      ;;
+
+    *)
+      echo "Unknown option: $1"
+      usage
+      exit 1
+      ;;
+    esac
+
+    shift
+  done
+
+  if [[ -z ${project_name} ]]; then
+    echo "Specifying --project-name is mandatory!"
+    usage
+    exit 1
+  fi
+
+  if [[ -z ${project_version} ]]; then
+    echo "Specifying --project-version is mandatory!"
+    usage
+    exit 1
+  fi
+
+  # if [[ -z ${parent_project_name} ]]; then         this is optional
+  #      ...
+
+  # if [[ -z ${parent_project_version} ]]; then         this is optional
+  #      ...
+  
+  if [[ -n ${parent_project_name} && -z ${parent_project_version} ]]; then
+    echo "Specifying --parent-project-version is mandatory when --parent-project-name has been used!"
+    usage
+    exit 1    
+  fi
+
+  if [[ -z ${csproj_file_path} ]]; then
+    echo "Specifying --csproj-file-path is mandatory!"
+    usage
+    exit 1
+  fi
+
+  if [[ -z ${csproj_classifier} ]]; then
+    echo "Specifying --csproj-classifier is mandatory!"
+    usage
+    exit 1
+  fi
+
+  if [[ -z ${output_directory_path} ]]; then
+    echo "Specifying --output-directory-path is mandatory!"
+    usage
+    exit 1
+  fi
+
+  if [[ -z ${output_sbom_file_name} ]]; then
+    echo "Specifying --output-sbom-file-name is mandatory!"
+    usage
+    exit 1
+  fi
+  
+  if [[ -z ${sbom_signing_key_file_path} ]]; then
+    echo "Specifying --sbom-signing-key-file-path is mandatory!"
+    usage
+    exit 1
+  fi
+  
+  if [[ -z ${dependency_tracker_url} ]]; then
+    echo "Specifying --dependency-tracker-url is mandatory!"
+    usage
+    exit 1
+  fi
+
+  if [[ -z ${dependency_tracker_api_key_file_path} ]]; then
+    echo "Specifying --dependency-tracker-api-key-file-path is mandatory!"
+    usage
+    exit 1
+  fi
+}
+
+function usage() {
+  local -r script_name=$(basename "$0")
+
+  echo "Usage: ${script_name}  --project-name  <name>   --project-version <version>   [--parent-project-name  <name>   --parent-project-version <version>]   --csproj-file-path <path>    --csproj-file-path <path>   --output-directory-path <path>  --output-sbom-file-name <name>   --sbom-signing-key-file-path <path>   --dependency-tracker-url <url>   --dependency-tracker-api-key-file-path <api_key>  "
+}
+
+function generate_sign_and_upload_sbom() {
+  set -x
+
+  # GENERATE SBOM
+  dotnet-CycloneDX      "${csproj_file_path}"             \
+        --exclude-dev                                     \
+        --include-project-references                      \
+                                                          \
+        --output      "${output_directory_path}"          \
+        --set-type    "${csproj_classifier}"              \
+        --set-version "${project_version}"                \
+                                                          \
+        --filename "${output_sbom_file_name}"
+  declare exitCode=$?
+  if [ ${exitCode} != 0 ]; then
+    echo "##vso[task.logissue type=error]Failed to generate the SBOM!"
+    exit 10
+  fi
+
+
+
+  # SIGN SBOM     todo  figure out why this doesnt actually sign anything on windows even though on macos it works as intended
+  declare -r bom_file_path="${output_directory_path}/${output_sbom_file_name}"
+  ./cyclonedx  sign   bom             \
+               "${bom_file_path}"     \
+               --key-file   "${sbom_signing_key_file_path}"
+  declare exitCode=$?
+  if [ ${exitCode} != 0 ]; then
+    echo "##vso[task.logissue type=error]Singing the SBOM failed!"
+    exit 20
+  fi
+  echo -e "\n\n"
+  tail "${bom_file_path}"
+  echo -e "\n\n"
+
+
+
+  # UPLOAD SBOM
+  declare optional_parent_project_name_parameter=""
+  if [[ -n ${parent_project_name} ]]; then
+      optional_parent_project_name_parameter="--form parentName=${parent_project_name}"
+  fi
+  
+  declare optional_parent_project_version_parameter=""
+  if [[ -n ${parent_project_version} ]]; then
+      optional_parent_project_version_parameter="--form parentVersion=${parent_project_version}"
+  fi
+
+
+  declare -r http_response_code=$(                                                                       \
+      curl   "${dependency_tracker_url}"                                                                 \
+                                --location                                                               \
+                                --request "POST"                                                         \
+                                                                                                         \
+                                --header "Content-Type: multipart/form-data"                             \
+                                --header "X-API-Key: $(cat "${dependency_tracker_api_key_file_path}")"   \
+                                                                                                         \
+                                --form "bom=@${bom_file_path}"                                           \
+                                --form "autoCreate=true"                                                 \
+                                                                                                         \
+                                --form "projectName=${project_name}"                                     \
+                                --form "projectVersion=${project_version}"                               \
+                                                                                                         \
+                                ${optional_parent_project_name_parameter}                                \
+                                ${optional_parent_project_version_parameter}                             \
+                                                                                                         \
+                                -w "%{http_code}"                                                        \
+  )
+  declare exitCode=$?
+  set +x
+  
+  echo "** Curl sbom-uploading HTTP Response Code: ${http_response_code}"
+  
+  if [ ${exitCode} != 0 ]; then
+    echo "##vso[task.logissue type=error]SBOM Uploading failed!"
+    exit 30
+  fi
+}
+
+function main() {
+  parse_arguments "$@"
+  generate_sign_and_upload_sbom
+}
+
+main "$@"