diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..caae439
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+*/
+!go.mod
+!go.sum
+!.git/
+!internal/
+!main.go/
\ No newline at end of file
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index fc5df0b..cbeb001 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,7 +8,7 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-  #- package-ecosystem: "docker"
-  #  directory: "/"
-  #  schedule:
-  #    interval: "weekly"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index cc1f4b3..90e7180 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -29,3 +29,8 @@ jobs:
         run: go install github.com/google/addlicense@latest
       - name: Check licenses
         run: addlicense -l apache -check -v -ignore '**/*.yaml' -c Humanitec ./*.go ./internal/
+      - name: Build docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: false  
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index faaa2c5..5ae4b7b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -26,4 +26,19 @@ jobs:
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          TAP_GITHUB_TOKEN: ${{ secrets.TAP_GITHUB_TOKEN }}
+          TAP_GITHUB_TOKEN: ${{ secrets.TAP_GITHUB_TOKEN }}  
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ghcr.io/score-spec/score-k8s:${{ github.ref_name }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..328ae65
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,27 @@
+# Use the official Golang image to create a build artifact.
+# This is based on Debian and sets the GOPATH to /go.
+# https://hub.docker.com/_/golang
+FROM golang:1.23 AS builder
+
+# Set the current working directory inside the container.
+WORKDIR /go/src/github.com/score-spec/score-k8s
+
+# Copy just the module bits
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy the entire project and build it.
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux go build -o /usr/local/bin/score-k8s .
+
+# We can use scratch since we don't rely on any linux libs or state.
+FROM scratch
+
+# Set the current working directory inside the container.
+WORKDIR /score-k8s
+
+# Copy the binary from the builder image.
+COPY --from=builder /usr/local/bin/score-k8s /usr/local/bin/score-k8s
+
+# Run the binary.
+ENTRYPOINT ["/usr/local/bin/score-k8s"]
\ No newline at end of file