diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index 05832906d1..ab8d4414c9 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -647,6 +647,14 @@ tasks:
 binary: bash
 args: [*task-runner, check-fmt, check-license, check-modules, lint]
+ - name: generate-sbom
+ tags: ["ssdlc"]
+ commands:
+ - command: subprocess.exec
+ params:
+ binary: bash
+ args: [*task-runner, generate-sbom]
+
 - name: pull-request-helpers
 allowed_requesters: ["patch", "github_pr"]
 commands:
diff --git a/Taskfile.yml b/Taskfile.yml
index 3473cb4981..ac4bd7c0ef 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -85,6 +85,19 @@ tasks:
 update-notices:
 bash etc/generate_notices.pl > THIRD-PARTY-NOTICES
+ generate-sbom:
+ desc: Generate a CycloneDX SBOM
+ summary: |
+ The cyclonedx-gomod 'mod' subcommand is used to generate a CycloneDX SBOM with GOWORK=off to exclude example/test code.
+ The SBOM includes the aggregate of modules required by packages in the mongo-go-driver library, excluding examples, tests and test packages.
+ Task will run only when go.mod is newer than sbom.cdx.json.
+ TODO: Add libmongocrypt as an optional component via a merge once the libmongocrypt SBOM is updated with newer automation
+ method: timestamp
+ sources: [go.mod]
+ generates: [sbom.cdx.json]
+ cmd: |
+ GOWORK=off go run github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.9.0 mod -type library -licenses -assert-licenses -output-version 1.5 -json -output sbom.cdx.json .
+
 ### Local testing tasks. ###
 test:
 go test ${BUILD_TAGS} -timeout {{.TEST_TIMEOUT}}s -p 1 ./...
diff --git a/etc/generate-sbom.sh b/etc/generate-sbom.sh
new file mode 100644
index 0000000000..9b00941586
--- /dev/null
+++ b/etc/generate-sbom.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -eux
+
+task generate-sbom
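Review bot: The new `generate-sbom` Evergreen task runs the generator but, as far as this hunk shows, nothing consumes the result: the produced sbom.cdx.json is neither compared against the committed copy nor attached as a build artifact, so a stale SBOM in the repository would not fail CI. If the `ssdlc` tag is meant to enforce that the SBOM tracks go.mod, a second command after the subprocess.exec step such as `git diff --exit-code sbom.cdx.json` (or an archive/upload step) is what gives the task teeth. The enclosing `tasks:` list starts and ends outside the hunk.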
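Review bot: `method: timestamp` with `sources: [go.mod]` can turn this task into a silent no-op exactly where it matters: in a fresh CI checkout every file carries the checkout time as its mtime, so go.mod is generally not newer than the committed sbom.cdx.json and Task skips the command, and go.sum, which fixes the resolved module versions that end up in the SBOM, is not listed as a source at all. Prefer `method: checksum` and `sources: [go.mod, go.sum]`, and reword the summary sentence "Task will run only when go.mod is newer than sbom.cdx.json" to match. The `go run …@v1.9.0` form pins the generator by tag only; the toolchain should verify that download against the Go checksum database unless GONOSUMDB/GOFLAGS disable it, and since this is the supply-chain control for an SSDLC artifact that assumption is worth recording in the summary. The `tasks:` mapping continues outside the hunk.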
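Review bot: etc/generate-sbom.sh is not referenced by either other hunk of this commit (the Evergreen task calls `*task-runner generate-sbom` directly), so it is either dead on arrival or the entry point CI was meant to use; keeping one way of running the step avoids the two drifting apart. If the script stays, it depends on the caller's working directory to locate Taskfile.yml; `cd "$(dirname "${BASH_SOURCE[0]}")/.."` before `task generate-sbom` pins it to the repository root regardless of where it is invoked from.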