diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml
index 7a732c2d5..b5ecc1cb8 100644
--- a/.github/workflows/check.yaml
+++ b/.github/workflows/check.yaml
@@ -319,6 +319,9 @@ jobs:
         run: |
             jq -s '.[0] * .[1]' ${{ steps.meta.outputs.bake-file }} ${{ steps.meta-debug.outputs.bake-file }} > docker-bake.override.json
 
+      - name: Setup Cosign
+        uses: sigstore/cosign-installer@v2.0.0
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
         with:
@@ -351,3 +354,10 @@ jobs:
             base.output=type=image,push=true
             base.cache-from=type=registry,ref=${{ env.IMAGE }}:buildcache
             base.cache-to=type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max
+
+      - name: Sign the images with GitHub Actions provided token
+        if: github.event_name != 'pull_request'
+        run: cosign sign ${TAGS}
+        env:
+          TAGS: "${{ steps.meta.outputs.tags }} ${{ steps.meta-debug.outputs.tags }}"
+          COSIGN_EXPERIMENTAL: 1