diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
index 166f08e..591da12 100644
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -68,6 +68,14 @@ jobs:
       run: |
         cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ env.RELEASE_VERSION }}@${{ steps.docker_build.outputs.digest }}
 
+    - name: Attest
+      uses: actions/attest-build-provenance@v2
+      id: attest
+      with:
+        subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        subject-digest: ${{ steps.docker_build.outputs.digest }}
+        push-to-registry: true
+
     - name: Run Trivy vulnerability scanner
       uses: aquasecurity/trivy-action@master
       with:
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 1cbc2b6..e2bbe64 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -38,6 +38,12 @@ jobs:
         check-latest: true
     - name: Build Installer
       run: make build-installer IMG=ghcr.io/hyperspike/valkey-operator:${{ github.ref_name }}
+    - name: Attest
+      uses: actions/attest-build-provenance@v2
+      id: attest
+      with:
+        subject-path: |
+          dist/install.yaml
     - name: Upload dist/install.yaml to release
       uses: svenstaro/upload-release-action@v2
       with: