diff --git a/.github/workflows/publish-artifacts.yml b/.github/workflows/publish-artifacts.yml
index 770ccfd60..10d50541c 100644
--- a/.github/workflows/publish-artifacts.yml
+++ b/.github/workflows/publish-artifacts.yml
@@ -14,6 +14,7 @@ jobs:
       contents: read
       packages: write
       id-token: write
+      attestations: write
     strategy:
       matrix:
         tee:
@@ -101,6 +102,7 @@ jobs:
         run: make ./target/${{ matrix.arch }}-unknown-linux-${{ matrix.libc}}/release/attestation-agent
       - name: Publish to ORAS
+        id: publish
         env:
           ARCH: ${{ matrix.arch == 'x86_64' && 'amd64' || matrix.arch }}
         run: |
@@ -118,12 +120,23 @@ jobs:
           docker manifest create "${image}:${tag}" --amend "${image}:${arch_tag}"
           docker manifest annotate --arch "$ARCH" --os linux "${image}:${tag}" "${image}:${arch_tag}"
           docker manifest push "${image}:${tag}"
+          # add image and digest to output for attestation
+          echo "image=${image}" >> "$GITHUB_OUTPUT"
+          digest="$(oras manifest fetch "${image}:${arch_tag}" | jq -r '.manifests[].digest')"
+          echo "digest=${digest}" >> "$GITHUB_OUTPUT"
+
+      - uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ steps.publish.outputs.image }}
+          subject-digest: ${{ steps.publish.outputs.digest }}
+          push-to-registry: true
   publish-cdh-and-asr:
     permissions:
       contents: read
       packages: write
       id-token: write
+      attestations: write
     strategy:
       matrix:
         arch:
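Review bot: In the third hunk the attested digest is read back from the registry by mutable tag and extracted with `jq -r '.manifests[].digest'`, which prints one line per entry when the fetched manifest is an index with several entries and errors or prints nothing when it is a plain manifest with no `.manifests` key, so `subject-digest` can end up empty or multi-line and the provenance would then not describe the artifact this job pushed. Taking the digest of the fetched manifest itself is unambiguous, e.g. `digest="$(oras manifest fetch --descriptor "${image}:${arch_tag}" | jq -r '.digest')"`, and capturing it from the push output would avoid the read-back-by-tag window altogether. `actions/attest-build-provenance@v1` is referenced by a floating major tag; pinning it to a commit SHA keeps the step that signs the provenance out of the mutable-tag trust path, since the same ID token and `attestations: write` grant are exposed to whatever that tag resolves to. The `run:` script that produces these outputs begins outside the hunk, so whether `set -o pipefail` is in effect for the jq pipeline cannot be confirmed here.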