diff --git a/build-cosign.jenkins b/build-cosign.jenkins
new file mode 100644
index 0000000..65c38d5
--- /dev/null
+++ b/build-cosign.jenkins
@@ -0,0 +1,68 @@
+def label = "jenkins-${UUID.randomUUID().toString()}"
+
+def localRegistry = "registry.cluster.test-chamber-13.lan"
+def gcrRegistry = "gcr.io"
+
+def kanikoRepository = "${localRegistry}/library/kaniko"
+def kanikoTag = "latest"
+
+def cosignRepository = "${gcrRegistry}/projectsigstore/cosign"
+def cosignTag = "v0.4.0"
+
+def repositoryCreds = "harbor-repository-creds"
+
+podTemplate(
+ label: label,
+ name: "pipeline-worker",
+ yaml: """---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pipeline-worker
+spec:
+ containers:
+ - name: kaniko
+ imagePullPolicy: Always
+ image: "${kanikoRepository}:${kanikoTag}"
+ tty: true
+ command:
+ - /busybox/cat
+""",
+) {
+ node (label) {
+ def workspace = pwd()
+
+ stage ("Prepare Kaniko") {
+ container ("kaniko") {
+ withCredentials([usernameColonPassword(
+ credentialsId: repositoryCreds,
+ variable: "dCreds",
+ )]) {
+ def dockerJSON = """{
+ "auths": {
+ "${registry}": {
+ "auth": "${dcreds.bytes.encodeBase64().toString()}"
+ }
+ }
+ }"""
+ sh """
+ set +x
+ echo '${dockerJSON}' > /kaniko/.docker/config.json
+ """
+ }
+ }
+ }
+
+ stage("Build Latest Alpine with CA") {
+ container("kaniko") {
+ def DF = """FROM ${registry}/library/alpine:latest as CERT_STORE
+FROM ${cosignRepository}:${cosignTag}
+
+COPY --from=CERT_STORE /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+"""
+ writeFile(file: workspace + "/Dockerfile", text: DF)
+ sh "/kaniko/executor --cleanup --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${registry}/library/cosign:latest\""
+ }
+ }
+ }
+}
\ No newline at end of file
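Review bot: In the "Prepare Kaniko" stage the registry credential is interpolated by Groovy into `dockerJSON` and then into the double-quoted `sh """…"""` script, so the base64-encoded secret becomes part of the script text. Jenkins' log masking matches the literal secret and would likely not catch the encoded form, and `set +x` only suppresses shell tracing. Building the file inside a single-quoted `sh '''…'''` lets the shell read `$dCreds` from the environment instead, as sketched below (this assumes the kaniko image's busybox provides `base64` and `tr`). Separately, `${registry}` is used for the auth key, the first `FROM` line and `--destination` while only `localRegistry` and `gcrRegistry` are defined, and the binding is named `dCreds` but read as `dcreds`, so unless those names come from outside this file the pipeline fails on unresolved properties. Because the result is an image of a signing tool, consider referencing `kaniko`, `alpine` and `cosign` by digest rather than by `latest`/`v0.4.0` tag, and pushing a versioned tag alongside `cosign:latest`.

```groovy
// … unchanged: withCredentials([usernameColonPassword(... variable: "dCreds")]) { …
withEnv(["REGISTRY=${localRegistry}"]) {
  // Single-quoted script: Groovy interpolates nothing, the shell expands $dCreds itself.
  sh '''
    set +x
    auth=$(printf '%s' "$dCreds" | base64 | tr -d '\\n')
    printf '{"auths":{"%s":{"auth":"%s"}}}\\n' "$REGISTRY" "$auth" > /kaniko/.docker/config.json
  '''
}
// … unchanged: closing of withCredentials / container / stage …
```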