diff --git a/.clomonitor.yml b/.clomonitor.yml
new file mode 100644
index 000000000..9d41bb50b
--- /dev/null
+++ b/.clomonitor.yml
@@ -0,0 +1,12 @@
+
+# CLOMonitor metadata file
+# This file must be located at the root of the repository
+
+# Checks exemptions
+
+# Check identifiers are here https://github.com/cncf/clomonitor/blob/main/docs/checks.md#exemptions (look for "id")
+exemptions:
+ - check: signed_releases
+ reason: "Our releases are signed on Maven Central"
+ - check: artifacthub_badge
+ reason: "Java library, not a k8s thing. We use Maven Central"
diff --git a/README.md b/README.md
index b6a501ad0..68df0fa11 100644
--- a/README.md
+++ b/README.md
@@ -122,6 +122,10 @@ The continuous integration runs a set of [gherkin integration tests](https://git
 See [releasing](./docs/release.md).
+### Software Bill of Materials (SBOM)
+
+We publish SBOMs with all of our releases as of 0.3.0. You can find them in Maven Central alongside the artifacts.
+
 ## Contributors
 Thanks so much to our contributors.
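Review bot: The `signed_releases` exemption in `.clomonitor.yml` gives a reason a reader cannot check from the repository: it says the releases are signed on Maven Central but names neither the signing key nor where the signatures are published. Because the exemption takes a supply-chain check out of the project's score, the justification should be verifiable by someone consuming the artifacts. I would add a comment above the entry such as `# Release artifacts on Maven Central carry detached PGP signatures (.asc); signing key fingerprint: <KEY-FINGERPRINT-PLACEHOLDER>`, with the real fingerprint or a link to the project's published key filled in. The `artifacthub_badge` exemption is fine as worded.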