We have just released an Open Source tool ReARM that connects to an OCI-compatible registry and allows you to store xBOMs for your deliverables over there - https://github.com/relizaio/rearm