diff --git a/setup.py b/setup.py
new file mode 100644
index 0000000..10c14e3
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,34 @@
+import os
+import re
+
+from setuptools import setup
+from wheel.bdist_wheel import bdist_wheel as _bdist_wheel
+
+ROOT = os.path.dirname(os.path.abspath(__file__))
+
+
+def generate_sbom():
+ with open(os.path.join(ROOT, "VERSION")) as f:
+ version = f.read().strip()
+ with open(os.path.join(ROOT, "src", "tzdata", "__init__.py")) as f:
+ init_text = f.read()
+ iana_version = re.search(r'IANA_VERSION\s*=\s*"([^"]+)"', init_text).group(1)
+ with open(os.path.join(ROOT, "templates", "sbom.cdx.json.in")) as f:
+ template = f.read()
+ return template.replace("%%PACKAGE_VERSION%%", version).replace(
+ "%%IANA_VERSION%%", iana_version
+ )
+
+
+class bdist_wheel(_bdist_wheel):
+ def write_wheelfile(self, wheelfile_base, *args, **kwargs):
+ _bdist_wheel.write_wheelfile(self, wheelfile_base, *args, **kwargs)
+ sboms_dir = os.path.join(wheelfile_base, "sboms")
+ if not os.path.isdir(sboms_dir):
+ os.makedirs(sboms_dir)
+ with open(os.path.join(sboms_dir, "sbom.cdx.json"), "w") as f:
+ f.write(generate_sbom())
+
+
+cmdclass = {"bdist_wheel": bdist_wheel}
+setup(cmdclass=cmdclass)
diff --git a/templates/sbom.cdx.json.in b/templates/sbom.cdx.json.in
new file mode 100644
index 0000000..1648d8b
--- /dev/null
+++ b/templates/sbom.cdx.json.in
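Review bot: `generate_sbom()` calls `.group(1)` directly on the `re.search(...)` result, so if the `IANA_VERSION = "..."` line in `src/tzdata/__init__.py` is missing or reformatted the wheel build fails with an opaque `AttributeError` instead of naming the file; bind the match and add `if m is None: raise RuntimeError("IANA_VERSION not found in src/tzdata/__init__.py")`. The substituted text is then written by `write_wheelfile` without ever being parsed, so a stray quote or backslash in `VERSION` would ship a malformed SBOM; a `json.loads(sbom)` check (with `import json`) before `f.write` would catch that at build time. The `open()` calls also use the platform default encoding, and passing `encoding="utf-8"` would keep the generated file identical across build hosts.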
@@ -0,0 +1,38 @@
+{
+ "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
+ "version": 1,
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.7",
+ "metadata": {
+ "component": {
+ "bom-ref": "pkg:pypi/tzdata@%%PACKAGE_VERSION%%",
+ "name": "tzdata",
+ "version": "%%PACKAGE_VERSION%%",
+ "purl": "pkg:pypi/tzdata@%%PACKAGE_VERSION%%",
+ "type": "library",
+ "components": [
+ {
+ "bom-ref": "https://www.iana.org/time-zones",
+ "name": "tz",
+ "version": "%%IANA_VERSION%%",
+ "type": "data",
+ "data": [
+ {
+ "type": "dataset",
+ "name": "IANA Time Zone Database",
+ "description": "zic-compiled TZif timezone files"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "tz database license",
+ "url": "https://data.iana.org/time-zones/tz-link.html"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ }
+}
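Review bot: The nested `tz` component is identified only by `name` and `version`; it carries no `purl`, `cpe` or `externalReferences`, so a consumer correlating this SBOM with advisories or with the upstream release has nothing machine-readable to match on. Consider adding an `externalReferences` entry such as `{"type": "distribution", "url": "<upstream tz release URL>"}` (placeholder, to be filled in by the maintainers). The `licenses[].license.url` value appears to point at the general tz links page rather than at a license text, which is worth confirming before release.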