diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index d7a49da..954e016 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -84,6 +84,28 @@ jobs:
 - name: Build image
 run: |
 docker build . --file Dockerfile --tag "${IMAGE_NAME}" --label "runnumber=${GITHUB_RUN_ID}"
+ - name: Manifest Generation
+ env:
+ BILLY_SERVER: https://billy.dev-aqua.codesec.aquasec.com
+ run: |
+ curl -sLo install.sh download.codesec.aquasec.com/billy/install.sh
+ curl -sLo install.sh.checksum \
+ https://github.com/argonsecurity/releases/releases/latest/download/install.sh.checksum
+
+ if ! sha256sum --check install.sh.checksum; then
+ echo "install.sh checksum failed"
+ exit 1
+ fi
+
+ BINDIR="." sh install.sh
+ rm install.sh install.sh.checksum
+
+ ./billy generate \
+ --access-token "${{ secrets.GITHUB_TOKEN }}" \
+ --aqua-key "${{ secrets.AQUA_KEY }}" \
+ --aqua-secret "${{ secrets.AQUA_SECRET }}" \
+ --cspm-url https://stage.api.cloudsploit.com \
+ --artifact-path "${IMAGE_NAME}"
 - name: Build and push
 uses: docker/build-push-action@v6
 with:
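Review bot: The `curl -sLo install.sh download.codesec.aquasec.com/billy/install.sh` line has no scheme, so curl starts the request over plain HTTP, and the checksum it is compared against is fetched from `releases/latest`, which moves; nothing in the step is pinned, yet the installed binary is then handed `GITHUB_TOKEN`, `AQUA_KEY` and `AQUA_SECRET`. I would write `curl -fsSLo install.sh https://download.codesec.aquasec.com/billy/install.sh` and verify against a SHA-256 committed in this repository (or a release URL pinned to a tag) instead of `latest`. The check covers only `install.sh`; whether that script verifies the `billy` binary it downloads is not visible in this hunk. The three `${{ secrets.* }}` expressions are expanded into the script text before the shell runs, so mapping them under the step's `env:` and passing `"$AQUA_KEY"` and friends keeps expression expansion out of the script body. The job's `permissions:` block and triggers are outside the hunk, so confirm the token given to `billy` is scoped to what it needs and that the step does not run for untrusted pull requests.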