diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml
index 58e6fb21c..99448674d 100644
--- a/.github/workflows/container-build.yml
+++ b/.github/workflows/container-build.yml
@@ -83,14 +83,14 @@ jobs:
       - name: Create SBOM of container image
         uses: anchore/sbom-action@v0
         with:
-          image: ghcr.io/fkie-cad/logprep@${{ steps.build-and-push.outputs.digest }}
+          image: ghcr.io/fkie-cad/logprep:local
           artifact-name: logprep@${{ steps.build-and-push.outputs.digest }}.spdx.json
           output-file: logprep@${{ steps.build-and-push.outputs.digest }}.spdx.json
 
       - name: Sign image with a key and add sbom attestation
         run: |
-          cosign sign --yes --key env://COSIGN_PRIVATE_KEY ghcr.io/fkie-cad/logprep@${{ steps.build-and-push.outputs.digest }}
-          cosign attest --yes --key env://COSIGN_PRIVATE_KEY --predicate logprep@${{ steps.build-and-push.outputs.digest }}.spdx.json ghcr.io/fkie-cad/logprep@${{ steps.build-and-push.outputs.digest }}
+          cosign sign --yes --key env://COSIGN_PRIVATE_KEY ghcr.io/fkie-cad/logprep:local
+          cosign attest --yes --key env://COSIGN_PRIVATE_KEY --predicate logprep@${{ steps.build-and-push.outputs.digest }}.spdx.json ghcr.io/fkie-cad/logprep:local
         env:
           COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
@@ -114,7 +114,7 @@ jobs:
           TRIVY_CACHE_DIR: ./cache
         with:
           scan-type: image
-          image-ref: ghcr.io/fkie-cad/logprep@${{ steps.build-and-push.outputs.digest }}
+          image-ref: ghcr.io/fkie-cad/logprep:local
           trivy-config: trivy.yaml
 
       # Trivy-db uses `0600` permissions.