diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index 8cd64d2498bd9a31faa812ab187848382b0877c4..1eacb945d5963db3b9d85a957be85cba303a40b1 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -185,6 +185,31 @@ spec:
     sbom-opts:
       description: Options for syft used for SBOM analysis
       default: --override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger
+    hadolint-job-tags:
+      description: tags to filter applicable runners for hadolint job
+      default: []
+    kaniko-build-job-tags:
+      description: tags to filter applicable runners for kaniko build job
+      default: []
+    dind-build-job-tags:
+      description: tags to filter applicable runners for dind build job
+      default: []
+    buildah-build-job-tags:
+      description: tags to filter applicable runners for buildah build job
+      default: []
+    healthcheck-job-tags:
+      description: tags to filter applicable runners for healthcheck job
+      default: []
+    trivy-job-tags:
+      description: tags to filter applicable runners for trivy job
+      default: []
+    sbom-job-tags:
+      description: tags to filter applicable runners for sbom job
+      default: []
+    publish-job-tags:
+      description: tags to filter applicable runners for publish job
+      default: []
+
 ---
 # default workflow rules: Merge Request pipelines
 workflow:
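Review bot: The eight new `*-job-tags` inputs declare `default: []` with no `type`, and GitLab treats an input without a `type` as a string, so the array default will probably be rejected at input validation or handled as text instead of a list. Each entry should declare the type explicitly, for example `type: array` on the line before `default: []` under `hadolint-job-tags:`, and likewise for the other seven. The `tags: $[[ inputs.… ]]` lines added in the later hunks rely on the interpolation producing a real list. The `spec: inputs:` mapping begins above this hunk, so any convention set earlier in the file is not visible here.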
@@ -750,6 +775,7 @@ docker-hadolint:
     - if: '$DOCKER_HADOLINT_DISABLED == "true"'
       when: never
     - !reference [.test-policy, rules]
+  tags: $[[ inputs.hadolint-job-tags ]]
 
 # ==================================================
 # Stage: package-build
@@ -777,6 +803,7 @@ docker-kaniko-build:
         - docker.env
   rules:
     - if: '$DOCKER_BUILD_TOOL == "kaniko"'
+  tags: $[[ inputs.kaniko-build-job-tags ]]
 
 docker-dind-build:
   extends: .docker-dind-base
@@ -814,6 +841,7 @@ docker-dind-build:
         - docker.env
   rules:
     - if: '$DOCKER_BUILD_TOOL == "dind"'
+  tags: $[[ inputs.dind-build-job-tags ]]
 
 docker-buildah-build:
   extends: .docker-base
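Review bot: The `tags:` line added to `docker-dind-build` gives no hint about which kind of runner the list should select, and with the default `[]` the job keeps running on any runner that accepts untagged jobs. Docker-in-Docker jobs normally need a runner with privileged mode, though `.docker-dind-base` is defined outside this hunk so that is an assumption to confirm. I would add a comment above the line such as `# dind usually needs a privileged runner: use tags to pin this job to runners dedicated to it`. The same kind of comment would help on `docker-publish`, which presumably handles registry credentials and is better kept on trusted runners.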
@@ -851,6 +879,7 @@ docker-buildah-build:
         - docker.env
   rules:
     - if: '$DOCKER_BUILD_TOOL == "buildah"'
+  tags: $[[ inputs.buildah-build-job-tags ]]
 
 # ==================================================
 # Stage: package-test
@@ -918,6 +947,7 @@ docker-healthcheck:
     - if: '$DOCKER_BUILD_TOOL != "dind"'
       when: never
     - !reference [.test-policy, rules]
+  tags: $[[ inputs.healthcheck-job-tags ]]
 
 # Security audit with trivy
 docker-trivy:
@@ -968,6 +998,7 @@ docker-trivy:
     - if: '$DOCKER_TRIVY_DISABLED == "true"'
       when: never
     - !reference [.test-policy, rules]
+  tags: $[[ inputs.trivy-job-tags ]]
 
 docker-sbom:
   extends: .docker-base
@@ -994,6 +1025,7 @@ docker-sbom:
     - if: '$DOCKER_SBOM_DISABLED == "true"'
       when: never
     - !reference [.test-policy, rules]
+  tags: $[[ inputs.sbom-job-tags ]]
 
 # ==================================================
 # Stage: publish
@@ -1065,3 +1097,4 @@ docker-publish:
     - if: '$DOCKER_PROD_PUBLISH_STRATEGY == "manual"'
       when: manual
     - if: '$DOCKER_PROD_PUBLISH_STRATEGY == "auto"'
+  tags: $[[ inputs.publish-job-tags ]]
\ No newline at end of file
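Review bot: The added `tags: $[[ inputs.publish-job-tags ]]` line is now the last line of the file and has no trailing newline, while the old last line is shown as unchanged context, so this commit removes the final newline. Restore it so later appends diff cleanly and linters such as yamllint's `new-line-at-end-of-file` rule stay quiet. The `docker-publish` job starts above this hunk.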