diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7d60e4a0d..081dd2008 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -126,10 +126,11 @@ jobs:
 - name: Ensure logprep is available in image
 run: |
 docker run --rm ghcr.io/fkie-cad/logprep:py${{ matrix.python-version }}-${{ github.head_ref }} --version
-
+
 # This step will build the image again, but every layer will already be cached, so it is nearly instantaneous.
 - name: Push image
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6
+ id: build-and-push
 with:
 context: .
 push: true
@@ -138,7 +139,7 @@ jobs:
 PYTHON_VERSION=${{ matrix.python-version }}
 tags: |
 ghcr.io/fkie-cad/logprep:py${{ matrix.python-version }}-${{ github.head_ref }}
-
+
 # To avoid the trivy-db becoming outdated, we save the cache for one day
 - name: Get date
 id: date
@@ -151,7 +152,7 @@ jobs:
 key: trivy-cache-${{ steps.date.outputs.date }}
 restore-keys: trivy-cache-
-
+
 - name: Scan image using Trivy
 uses: aquasecurity/trivy-action@0.24.0
 env:
@@ -166,3 +167,16 @@ jobs:
 # So we need to change the permissions before caching the database.
 - name: Change permissions for trivy.db
 run: sudo chmod 0644 ./cache/db/trivy.db
+
+ - name: Install Cosign
+ uses: sigstore/cosign-installer@v3.7.0
+ with:
+ cosign-release: 'v2.4.1'
+
+ - name: Sign image with a key
+ run: |
+ cosign sign --yes --key env://COSIGN_PRIVATE_KEY ghcr.io/fkie-cad/logprep:py${{ matrix.python-version }}-${{ github.head_ref }}@${DIGEST}
+ env:
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ DIGEST: ${{ steps.build-and-push.outputs.digest }}
diff --git a/.github/workflows/publish-latest-dev-release-to-pypi.yml b/.github/workflows/publish-latest-dev-release-to-github.yml
similarity index 100%
rename from .github/workflows/publish-latest-dev-release-to-pypi.yml
rename to .github/workflows/publish-latest-dev-release-to-github.yml
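Review bot: The signing steps in the last hunk pin the cosign binary (`cosign-release: 'v2.4.1'`) but pull the installer by a mutable tag, `uses: sigstore/cosign-installer@v3.7.0`; a step that is handed COSIGN_PRIVATE_KEY should pin the action to its commit SHA, e.g. `uses: sigstore/cosign-installer@<commit-sha-of-v3.7.0> # v3.7.0`, and the same applies to the copy of this step in publish-release-to-pypi.yml. The reference that gets signed is the `${{ github.head_ref }}` tag, which suggests this job also runs for pull-request builds (the workflow trigger is outside the hunk); if so, every PR image carries a signature from the same key as the releases and a consumer running `cosign verify` cannot tell the two apart, so consider an `if:` on the event or ref for the two new steps, or a separate key for CI images. On pull requests from forks the secrets would be empty and the step would fail on a missing key rather than be skipped, which is a second reason for such a guard. Signing by `@${DIGEST}` rather than by tag is the right choice, and the `id: build-and-push` added in the first hunk is what makes `steps.build-and-push.outputs.digest` resolve here.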
diff --git a/.github/workflows/publish-release-to-pypi.yml b/.github/workflows/publish-release-to-pypi.yml
index a9a9d46af..878408596 100644
--- a/.github/workflows/publish-release-to-pypi.yml
+++ b/.github/workflows/publish-release-to-pypi.yml
@@ -90,3 +90,16 @@ jobs:
 ghcr.io/fkie-cad/logprep:py${{ matrix.python-version }}-${{ github.ref_name }}
 ghcr.io/fkie-cad/logprep:py${{ matrix.python-version }}-stable
 ghcr.io/fkie-cad/logprep:py${{ matrix.python-version }}-latest
+
+ - name: Install Cosign
+ uses: sigstore/cosign-installer@v3.7.0
+ with:
+ cosign-release: 'v2.4.1'
+
+ - name: Sign image with a key
+ run: |
+ cosign sign --yes --key env://COSIGN_PRIVATE_KEY ghcr.io/fkie-cad/logprep:py${{ matrix.python-version }}-${{ github.head_ref }}@${DIGEST}
+ env:
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ DIGEST: ${{ steps.build-and-push.outputs.digest }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4a3ef4057..72ea1f9b2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,6 +31,7 @@ the list is now fixed inside the packaged logprep
 * remove `tldextract` dependency
 * remove `urlextract` dependency
 * fix wrong documentation for `timestamp_differ`
+* add container signatures to image build inside ci pipeline
 
 ### Bugfix
 
diff --git a/README.md b/README.md
index 10b4fd2ed..67d9ae108 100644
--- a/README.md
+++ b/README.md
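Review bot: The reference in the new signing step is built from `${{ github.head_ref }}`, but this workflow tags the image with `${{ github.ref_name }}` (the three context lines above), and `head_ref` is only populated for pull_request events, so on a release run the reference would come out as `...:py<version>-@<digest>`; the line should read `cosign sign --yes --key env://COSIGN_PRIVATE_KEY ghcr.io/fkie-cad/logprep:py${{ matrix.python-version }}-${{ github.ref_name }}@${DIGEST}`. The step also reads `steps.build-and-push.outputs.digest`, and nothing in this hunk shows the build step of this workflow carrying `id: build-and-push` (the ci.yml hunk had to add it there); if the id is absent, DIGEST expands to an empty string and the reference ends in a bare `@`, so confirm it exists in the enclosing job, which starts outside the hunk. As in ci.yml, `sigstore/cosign-installer@v3.7.0` should be pinned to a commit SHA rather than a tag. Separately, the tags pushed here follow `py<version>-latest`, whereas the README verify example added in this same commit uses `ghcr.io/fkie-cad/logprep:3.11-latest`, which does not match any tag this job pushes.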
@@ -26,18 +26,15 @@ message is sent to a configured output connector.
 Logprep is primarily designed to process log messages. Generally, Logprep can handle JSON messages, allowing further applications besides log handling.
 
-This readme provides basic information about the following topics:
-- [About Logprep](#about-logprep)
-- [Getting Started](https://logprep.readthedocs.io/en/latest/getting_started.html)
+- [About Logprep](https://github.com/fkie-cad/Logprep/blob/main/README.md#about-logprep)
+- [Installation](https://logprep.readthedocs.io/en/latest/installation.html)
 - [Deployment Examples](https://logprep.readthedocs.io/en/latest/examples/index.html)
 - [Event Generation](https://logprep.readthedocs.io/en/latest/user_manual/execution.html#event-generation)
 - [Documentation](https://logprep.readthedocs.io/en/latest)
-- [Contributing](CONTRIBUTING)
-- [License](LICENSE)
-- [Changelog](CHANGELOG.md)
-
-More detailed information can be found in the
-[Documentation](https://logprep.readthedocs.io/en/latest/).
+- [Container signatures](https://github.com/fkie-cad/Logprep/blob/main/README.md#container-signatures)
+- [Contributing](https://github.com/fkie-cad/Logprep/blob/main/CONTRIBUTING.md)
+- [License](https://github.com/fkie-cad/Logprep/blob/main/LICENSE)
+- [Changelog](https://github.com/fkie-cad/Logprep/blob/main/CHANGELOG.md)
 
 ## About Logprep
 
@@ -230,22 +227,6 @@ If it does exist then the dropper would delete this field from the log message.
 Details about the rule language and how to write rules for the processors can be found in the [rule configuration documentation](https://logprep.readthedocs.io/en/latest/configuration/rules.html).
 
-## Getting Started
-
-For installation instructions see: https://logprep.readthedocs.io/en/latest/installation.html
-For execution instructions see: https://logprep.readthedocs.io/en/latest/user_manual/execution.html
-
-### Reload the Configuration
-
-A `config_refresh_interval` can be set to periodically and automatically refresh the given configuration.
-This can be useful in case of containerized environments (such as Kubernetes), when pod volumes often change
-on the fly.
-
-If the configuration does not pass a consistency check, then an error message is logged and
-Logprep keeps running with the previous configuration.
-The configuration should be then checked and corrected on the basis of the error message.
-
-
 ## Documentation
 
 The documentation for Logprep is online at https://logprep.readthedocs.io/en/latest/ or it can
@@ -259,3 +240,22 @@ make html
 ```
 A HTML documentation can be then found in `doc/_build/html/index.html`.
+
+## Container signatures
+
+From release 15 on, Logprep containers are signed using the cosign tool.
+To verify the container, you can copy the following public key into a file
+`logprep.pub`:
+
+```
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgkQXDi/N4TDFE2Ao0pulOFfbGm5g
+kVtARE+LJfSFI25BanOG9jaxxRGVt+Sa1KtQbMcy7Glxu0s7XgD9VFGjTA==
+-----END PUBLIC KEY-----
+```
+
+And use it to verify the signature:
+
+```
+cosign verify --key logprep.pub ghcr.io/fkie-cad/logprep:3.11-latest
+```