diff --git a/.github/actions/docker-init/action.yml b/.github/actions/docker-init/action.yml index 6b2d33ae..4df6e2d6 100644 --- a/.github/actions/docker-init/action.yml +++ b/.github/actions/docker-init/action.yml @@ -5,7 +5,7 @@ inputs: required: true deploy-token: required: true - cache-key: + image-name: required: true runs: 
@@ -13,48 +13,79 @@ runs: steps: - name: Set up QEMU uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: driver-opts: image=moby/buildkit:v0.13.0 + - name: Login to ghcr.io uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ inputs.deploy-user }} password: ${{ inputs.deploy-token }} + - name: Set SOURCE_DATE_EPOCH run: | echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV shell: bash + - name: Determine Debian tag run: | DEBIAN_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/') echo "DEBIAN_TAG=$(podman image search --list-tags debian --limit 1000000000 | \ grep "$DEBIAN_RELEASE-.*-slim" | sort -r | head -1 | sed 's/.*[ ]\+//')" >> $GITHUB_ENV shell: bash + - name: Prepare repository for COPY-in run: | git clone . /home/runner/kas-clone shell: bash + + - name: Define image description + run: | + case ${{ inputs.image-name }} in + kas) + echo "IMAGE_DESCRIPTION=kas build environment for Yocto/OpenEmbedded projects" >> $GITHUB_ENV + ;; + kas-isar) + echo "IMAGE_DESCRIPTION=kas build environment for isar-based Debian projects" >> $GITHUB_ENV + ;; + esac + shell: bash + + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 + with: + annotations: | + org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }} + org.opencontainers.image.licenses=MIT and others + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index + - name: Cache var-cache-apt id: cache-var-cache-apt uses: actions/cache@v4 with: path: var-cache-apt - key: var-cache-apt-${{ env.DEBIAN_TAG }}-${{ inputs.cache-key }} + key: var-cache-apt-${{ env.DEBIAN_TAG }}-${{ inputs.image-name }} + - name: Cache var-lib-apt id: cache-var-lib-apt uses: actions/cache@v4 with: path: var-lib-apt - key: var-lib-apt-${{ env.DEBIAN_TAG }}-${{ inputs.cache-key }} + key: var-lib-apt-${{ env.DEBIAN_TAG }}-${{ inputs.image-name }} + - name: Inject var-cache-apt into docker uses: 
reproducible-containers/buildkit-cache-dance@v2.1.4 with: cache-source: var-cache-apt cache-target: /var/cache/apt skip-extraction: ${{ steps.cache-var-cache-apt.outputs.cache-hit }} + - name: Inject var-lib-apt into docker uses: reproducible-containers/buildkit-cache-dance@v2.1.4 with: diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index e128022b..5f1753c7 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -30,7 +30,7 @@ jobs: with: deploy-user: ${{ github.actor }} deploy-token: ${{ secrets.GITHUB_TOKEN }} - cache-key: ${{ matrix.image-name }} + image-name: ${{ matrix.image-name }} - name: Build ${{ matrix.image-name }} image uses: docker/build-push-action@v5 if: ${{ env.PUSH_MASTER }} @@ -44,3 +44,4 @@ jobs: provenance: mode=max,reproducible=true outputs: type=registry,rewrite-timestamp=true tags: ghcr.io/siemens/kas/${{ matrix.image-name }} + annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }} diff --git a/.github/workflows/next.yml b/.github/workflows/next.yml index 567f3cda..8575a759 100644 --- a/.github/workflows/next.yml +++ b/.github/workflows/next.yml @@ -76,7 +76,7 @@ jobs: with: deploy-user: ${{ github.actor }} deploy-token: ${{ secrets.GITHUB_TOKEN }} - cache-key: ${{ matrix.image-name }} + image-name: ${{ matrix.image-name }} - name: Build ${{ matrix.image-name }} image uses: docker/build-push-action@v5 @@ -105,3 +105,4 @@ jobs: provenance: mode=max,reproducible=true outputs: type=registry,rewrite-timestamp=true tags: ghcr.io/siemens/kas/${{ matrix.image-name }}:next + annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 67e7a97c..5c0c2e03 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
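Review bot: In the new "Define image description" step, `case ${{ inputs.image-name }} in` pastes the input into the bash script text before the shell runs, so the value is parsed as shell code rather than handled as data. The callers in this commit pass `matrix.image-name`, which is presumably a fixed list, but the composite action should not depend on that: pass the value through a step-level `env:` entry and match on the quoted variable. The `case` also has no `*)` branch, so any other image name leaves IMAGE_DESCRIPTION unset and the description annotation is rendered with an empty value; failing the step is safer. Separately, the added `docker/metadata-action@v5` is a mutable tag in a job that has already logged in to ghcr.io with the deploy token, so pinning it to a full commit SHA would be tighter.

```yaml
- name: Define image description
  env:
    IMAGE_NAME: ${{ inputs.image-name }}
  run: |
    case "$IMAGE_NAME" in
      # … unchanged: kas and kas-isar branches …
      *)
        echo "unsupported image-name: $IMAGE_NAME" >&2
        exit 1
        ;;
    # … unchanged: esac, shell: bash …
```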
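Review bot: The added `annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}` in master.yml reads a variable that nothing in this workflow sets; it is presumably exported by the "Extract metadata" step inside the docker-init composite action. An unset variable expands to an empty string, so if that step is renamed, removed or stops exporting it, the push still succeeds and the image ships without annotations. The same line is added in next.yml and release.yml. I would at least put a comment above it, `# exported by the "Extract metadata" step in .github/actions/docker-init`, or declare an `annotations` output on the composite action with `value: ${{ steps.meta.outputs.annotations }}` and reference that instead. The job's step list starts outside this hunk, so whether the docker-init step already has an id is not visible here.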
@@ -22,7 +22,7 @@ jobs: with: deploy-user: ${{ github.actor }} deploy-token: ${{ secrets.GITHUB_TOKEN }} - cache-key: ${{ matrix.image-name }} + image-name: ${{ matrix.image-name }} - name: Build ${{ matrix.image-name }} image uses: docker/build-push-action@v5 with: @@ -38,3 +38,4 @@ jobs: ghcr.io/siemens/kas/${{ matrix.image-name }} ghcr.io/siemens/kas/${{ matrix.image-name }}:${{ env.RELEASE_VERSION }} ghcr.io/siemens/kas/${{ matrix.image-name }}:latest-release + annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}