diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e8dc914c0..6aefe5d78 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -114,6 +114,10 @@ jobs:
 SIGNING_REMOTE_SSH_HOST: ${{ secrets.SIGNING_REMOTE_SSH_HOST }}
 SIGNING_REMOTE_SSH_PRIVATE_KEY: ${{ secrets.SIGNING_REMOTE_SSH_PRIVATE_KEY }}
 SIGNING_HSM_CREDS: ${{ secrets.SIGNING_HSM_CREDS }}
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} # Secret for Cosign private key
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} # Secret for Cosign password
+ COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} # Secret for Cosign public key
+
 notify:
 runs-on: ubuntu-latest
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 95ca1e5f8..d92d683b4 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -57,6 +57,22 @@ builds:
 - -w
 - -X github.com/checkmarx/ast-cli/internal/params.Version={{.Version}}
+docker_signs:
+ - id: ast-cli-signing
+ cmd: cosign
+ args:
+ - "sign"
+ - "--key-env=COSIGN_PRIVATE_KEY" # Private key from environment variable
+ - "${artifact}" # The artifact (image or manifest) to be signed
+ - "--yes" # Required for Cosign 2.0.0+
+ artifacts: images # Sign Docker images
+ stdin: "{{ .Env.COSIGN_PASSWORD }}" # Password from environment variable
+ env:
+ - COSIGN_PRIVATE_KEY={{ .Env.COSIGN_PRIVATE_KEY }} # Private key from GitHub Secrets
+ - COSIGN_PASSWORD={{ .Env.COSIGN_PASSWORD }} # Password from GitHub Secrets
+ - COSIGN_PUBLIC_KEY={{ .Env.COSIGN_PUBLIC_KEY }} # Public key from GitHub Secrets
+ output: true
+
 dockers:
 - use: docker
 dockerfile: Dockerfile
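Review bot: `COSIGN_PUBLIC_KEY` is exported from a GitHub secret in the added `env` lines, but a public key is not confidential and nothing in this hunk reads it; keeping it as a masked secret hides it from logs and does not give consumers the key they need to verify the signatures. Publish the public key in the repository (for example a committed `cosign.pub`) or in the release documentation and drop that line, leaving only `COSIGN_PRIVATE_KEY` and `COSIGN_PASSWORD` in the environment. The enclosing `env` block starts before the hunk, so whether it is job-level or step-level is not visible; if job-level, scoping the private key to the step that runs goreleaser limits which steps can read it. Sigstore keyless signing with the workflow's OIDC token (`id-token: write`) would remove the long-lived private key from secrets altogether.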
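Review bot: `artifacts: images` signs only the per-architecture images, so if the release also publishes a multi-arch manifest (no `docker_manifests` section is visible in this hunk) the manifest users actually pull by tag is left unsigned; `artifacts: all`, or a second entry with `artifacts: manifests`, covers it. The `${artifact}` reference passed to `cosign sign` is a tagged name that cosign resolves to a digest at sign time, leaving a window between push and sign in which the tag could be repointed; the signed digest should be compared against what the push produced, or the reference pinned by digest if the goreleaser version in use provides one. `COSIGN_PUBLIC_KEY` in the `env` list is never consumed by `cosign sign` and can be removed, and the `COSIGN_PRIVATE_KEY`/`COSIGN_PASSWORD` re-exports appear to duplicate the inherited environment that `--key-env` and the `stdin` template already read from. `output: true` echoes cosign's run into the build log, which is useful for seeing the transparency-log entry but worth checking once for anything secret masking would not cover.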