diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index bd7b348..66752ff 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,4 +1,10 @@
 version: 2
+registries:
+ dhi:
+ type: docker-registry
+ url: dhi.io
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
 updates:
 - package-ecosystem: github-actions
 directory: /
@@ -19,5 +25,7 @@ updates:
 schedule:
 interval: monthly
 day: sunday
+ registries:
+ - dhi
 open-pull-requests-limit: 3
 rebase-strategy: disabled
diff --git a/.github/workflows/build-verify.yml b/.github/workflows/build-verify.yml
index aa11852..3ad1a21 100644
--- a/.github/workflows/build-verify.yml
+++ b/.github/workflows/build-verify.yml
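Review bot: The `username` and `password` values under `registries.dhi` are resolved from the Dependabot secret store, which is separate from Actions secrets, so `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN` must be defined there too or the dhi.io lookups will fail authentication. Dependabot only needs to read image metadata, so a dedicated read-only Docker Hub access token fits better than the credential the build workflow uses to push, if the shared name means they are the same token (not visible here). I would record that above the block: `# Dependabot secrets, not Actions secrets; a read-only Docker Hub token is enough`.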
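Review bot: The `registries: - dhi` entry in the second hunk is attached to an update block whose `package-ecosystem` and `directory` lie above the hunk, so it cannot be confirmed from here that the block covers the new Dockerfile. That file is added as `build/Dockerfile.dhi`, so the entry needs to be a `docker` ecosystem entry with `directory: /build` (or a `directories` list that includes it). Otherwise the registry credentials are configured but the pinned dhi.io tags never receive update pull requests.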
@@ -113,3 +113,33 @@ jobs:
 images+="${tag}@${DIGEST} "
 done
 cosign sign --new-bundle-format=false --use-signing-config=false --yes ${images}
+
+ - name: Build and push container image for cli as distroless
+ id: build-and-push-distroless
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+ if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
+ with:
+ context: .
+ sbom: true
+ push: true
+ provenance: mode=max
+ platforms: linux/amd64,linux/arm64
+ builder: buildx-multi-arch
+ file: build/Dockerfile.dhi
+ labels: |
+ org.opencontainers.image.revision=${GITHUB_SHA}
+ org.opencontainers.image.created=${{ steps.date.outputs.date }}
+ tags: quay.io/microcks/microcks-cli:${{env.IMAGE_TAG}}-distroless,docker.io/microcks/microcks-cli:${{env.IMAGE_TAG}}-distroless
+
+ - name: Sign the distroless image with GitHub OIDC Token
+ if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
+ env:
+ DIGEST: ${{ steps.build-and-push-distroless.outputs.digest }}
+ TAGS: quay.io/microcks/microcks-cli:${{env.IMAGE_TAG}}-distroless docker.io/microcks/microcks-cli:${{env.IMAGE_TAG}}-distroless
+ COSIGN_EXPERIMENTAL: "true"
+ run: |
+ images=""
+ for tag in ${TAGS}; do
+ images+="${tag}@${DIGEST} "
+ done
+ cosign sign --new-bundle-format=false --use-signing-config=false --yes ${images}
diff --git a/build/Dockerfile.dhi b/build/Dockerfile.dhi
new file mode 100644
index 0000000..e9908d2
--- /dev/null
+++ b/build/Dockerfile.dhi
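Review bot: In the `labels:` input of the new build step, `org.opencontainers.image.revision=${GITHUB_SHA}` uses shell syntax, but `with:` inputs are not passed through a shell, so the label is likely published as the literal text `${GITHUB_SHA}`. Use an expression, as the `created` label on the next line does: `org.opencontainers.image.revision=${{ github.sha }}`. The build pulls its base images from dhi.io and no login to that registry appears in this hunk; if an earlier step of the job (outside the hunk) does not authenticate to dhi.io, the pull may fail. In the signing step, an empty `DIGEST` would yield `tag@` references, so a guard before the loop such as `[ -n "${DIGEST}" ] || { echo "missing digest"; exit 1; }` makes that failure explicit.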
@@ -0,0 +1,25 @@
+# Build binary
+FROM --platform=$BUILDPLATFORM dhi.io/golang:1.25.9-alpine3.23-dev AS build-env
+ADD . /app
+WORKDIR /app
+ARG TARGETOS
+ARG TARGETARCH
+RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} \
+ go build -ldflags="-s -w" -o microcks github.com/microcks/microcks-cli
+
+# Build image
+FROM dhi.io/static:20260413-alpine3.23
+
+# Some version information
+LABEL maintainer="Laurent Broudoux " \
+ org.opencontainers.image.authors="Laurent Broudoux " \
+ org.opencontainers.image.title="Microcks CLI" \
+ org.opencontainers.image.description="Microcks is Open Source cloud-native native tool for API Mocking and Testing" \
+ org.opencontainers.image.licenses="Apache-2.0" \
+ org.opencontainers.image.documentation="https://github.com/microcks/microcks-cli" \
+ io.artifacthub.package.readme-url="https://raw.githubusercontent.com/microcks/microcks-cli/master/README.md"
+
+# install cli binary
+COPY --from=build-env /app/microcks /usr/local/bin/microcks
+
+COPY build/bin /usr/local/bin
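Review bot: Both `FROM` lines reference their base image by tag only, whereas the workflow in this commit pins its action by commit SHA and signs the resulting image. Pinning by digest, e.g. `FROM dhi.io/static:20260413-alpine3.23@sha256:<digest-of-that-tag>` (placeholder), ties the signed image to a known base, and Dependabot's docker updater can then bump tag and digest together. `ADD . /app` brings the whole build context into the build stage; `COPY . /app` is the conventional instruction for local files, and a `.dockerignore` keeps `.git` and local credential files out of that layer. The final `COPY build/bin /usr/local/bin` puts files from the build context, not from `build-env`, on the image's PATH after the compiled binary. What `build/bin` holds is not visible here, so a comment above that line stating where those files come from and whether they can overwrite `microcks` would help reviewers of the signed artifact.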