diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6023f70a195266d1b553158d882d3840db2144ca..313f6d126ce0cbe1c38a532f99a0b3cc9d136808 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -95,7 +95,8 @@ stages:
   # We use a dash `-` here, instead of the `+`.
   # This may be problematic, because it indicates a semver prerelease.
   - export RELEASE_IMAGE_NAME="$CI_REGISTRY_IMAGE/gitlab-opentofu"
-  - export RELEASE_IMAGE="${RELEASE_IMAGE_NAME}:${RELEASE_VERSION}${RELEASE_OPENTOFU_VERSION:+-opentofu$RELEASE_OPENTOFU_VERSION}${RELEASE_BASE_IMAGE_OS:+-$RELEASE_BASE_IMAGE_OS}"
+  - export RELEASE_IMAGE_TAG="${RELEASE_VERSION}${RELEASE_OPENTOFU_VERSION:+-opentofu$RELEASE_OPENTOFU_VERSION}${RELEASE_BASE_IMAGE_OS:+-$RELEASE_BASE_IMAGE_OS}"
+  - export RELEASE_IMAGE="${RELEASE_IMAGE_NAME}:${RELEASE_IMAGE_TAG}"
 
 variables:
   # OpenTofu variables
@@ -287,7 +288,30 @@ gitlab-opentofu-image:sign:
     - apk add --update cosign
     - cosign login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
   script:
+    # OpenContainers Annotations from: https://github.com/opencontainers/image-spec/blob/main/annotations.md
     - cosign sign "$(crane digest --full-ref "$RELEASE_IMAGE")"
+        --annotations "org.opencontainers.image.created=$CI_PIPELINE_CREATED_AT"
+        --annotations "org.opencontainers.image.authors=$CI_PROJECT_URL"
+        --annotations "org.opencontainers.image.url=$CI_PROJECT_URL"
+        --annotations "org.opencontainers.image.documentation=$CI_PROJECT_URL"
+        --annotations "org.opencontainers.image.source=$CI_PROJECT_URL"
+        --annotations "org.opencontainers.image.version=$CI_COMMIT_TAG"
+        --annotations "org.opencontainers.image.revision=$CI_COMMIT_SHA"
+        --annotations "org.opencontainers.image.vendor=GitLab"
+        --annotations "org.opencontainers.image.licenses=MIT"
+        --annotations "org.opencontainers.image.ref.name=$RELEASE_IMAGE"
+        --annotations "org.opencontainers.image.title='GitLab OpenTofu CI/CD Component'"
+        --annotations "org.opencontainers.image.description='GitLab OpenTofu CI/CD Component, including OpenTofu and a wrapper to integrate with GitLab.'"
+        --annotations "com.gitlab.ci.user.name=$GITLAB_USER_NAME"
+        --annotations "com.gitlab.ci.user.id=$GITLAB_USER_ID"
+        --annotations "com.gitlab.ci.pipeline.id=$CI_PIPELINE_ID"
+        --annotations "com.gitlab.ci.pipeline.url=$CI_PIPELINE_URL"
+        --annotations "com.gitlab.ci.job.id=$CI_JOB_ID"
+        --annotations "com.gitlab.ci.job.url=$CI_JOB_URL"
+        --annotations "com.gitlab.ci.commit.sha=$CI_COMMIT_SHA"
+        --annotations "com.gitlab.ci.commit.ref.name=$CI_COMMIT_REF_NAME"
+        --annotations "com.gitlab.ci.project.path=$CI_PROJECT_PATH"
+        --annotations "tag=$RELEASE_IMAGE_TAG"
     - export image_digest="$(crane digest $RELEASE_IMAGE)"
     - 'echo "- \`$RELEASE_IMAGE\` (digest: \`$image_digest\`)" > image$CI_JOB_ID.md'
   artifacts: