diff --git a/README.md b/README.md
index 6272346239d41079a87fb48521e15e2d647c0f2f..9e19768fb95b5be85e4f382d120af2dd7f49eaba 100644
--- a/README.md
+++ b/README.md
@@ -98,6 +98,7 @@ It is bound to the `build` stage, and uses the following variable:
 | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------- |
 | `lint-enabled` / `NODE_LINT_ENABLED` | Set to `true` to enable lint analysis                                                                                                                                                                                                                                                                              | _none_ (disabled) |
 | `lint-args` / `NODE_LINT_ARGS`       | npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments to execute the lint analysis <br/> yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments to execute the lint analysis <br/> pnpm [run script](https://pnpm.io/cli/run) arguments to execute the lint analysis | `run lint`        |
+| `node-lint-job-tags` / `NODE_LINT_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
 
 The job generates a lint report that you will find here: `NODE_PROJECT_DIR/reports/node-lint.xslint.json`.
 
@@ -116,6 +117,7 @@ This job is bound to the `build` stage, and uses the following variables:
 | `build-dir` / `NODE_BUILD_DIR`           | Variable to define build directory                                                                                                                                                                                                                                                                                  | `dist`               |
 | `build-args` / `NODE_BUILD_ARGS`         | npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments <br/> yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments <br/> pnpm [run script](https://pnpm.io/cli/run) arguments <br/>⚠ default value should be overridden for `pnpm` as `--prod` is not a valid option. | `run build --prod`   |
 | `test-args` / `NODE_TEST_ARGS`           | npm [test](https://docs.npmjs.com/cli/v8/commands/npm-test) arguments <br/> yarn [test](https://classic.yarnpkg.com/en/docs/cli/test) arguments <br/> pnpm [test](https://pnpm.io/cli/test) arguments                                                                                                               | `test -- --coverage` |
+| `node-build-job-tags` / `NODE_BUILD_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
 
 #### Unit Tests and Code Coverage reports
 
@@ -348,6 +350,7 @@ In addition to a textual report in the console, this job produces the following
 | Report                                            | Format                                                        | Usage                                                                                                                                                                                                                                  |
 | ------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `$NODE_PROJECT_DIR/reports/npm-audit.native.json` | [JSON](https://docs.npmjs.com/cli/v9/commands/npm-audit#json) | [DefectDojo integration](https://documentation.defectdojo.com/integrations/parsers/#npm-audit)<br/>_This report is generated only if DefectDojo template is detected, if needed, you can force it with `$DEFECTDOJO_NPMAUDIT_REPORTS`_ |
+| `node-audit-jobs-tags` / `NODE_AUDIT_JOB_TAGS`    | Tags to be used for selecting runners for the job              | [] |
 
 ### `node-outdated` job
 
@@ -359,6 +362,7 @@ It is bound to the `test` stage.
 | ---------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
 | `outdated-disabled` / `NODE_OUTDATED_DISABLED` | Set to `true` to disable npm outdated                                                                                                                                                                                               | _none_ (enabled) |
 | `outdated-args` / `NODE_OUTDATED_ARGS`         | npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments <br/> yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments <br/> pnpm [outdated](https://pnpm.io/cli/outdated) arguments | `--long`         |
+| `node-outdated-job-tags` / `NODE_OUTDATED_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
 
 The job generates an outdated report that you will find here: `NODE_PROJECT_DIR/reports/npm-outdated-report.json`.
 
@@ -376,6 +380,7 @@ It is bound to the `test` stage, and uses the following variables:
 | `semgrep-rules` / `NODE_SEMGREP_RULES`                                   | Space-separated list of [Semgrep rules](https://semgrep.dev/docs/running-rules).<br/>Can be both local YAML files or remote rules from the [Semgrep Registry](https://semgrep.dev/explore) (denoted by the `p/` prefix). | `p/javascript p/eslint p/gitlab-eslint`                      |
 | `semgrep-registry-base-url` / `NODE_SEMGREP_REGISTRY_BASE_URL`           | The Semgrep Registry base URL that is used to download the rules. No trailing slash.                                                                                                                                     | `https://semgrep.dev/c`                                      |
 | `semgrep-download-rules-enabled` / `NODE_SEMGREP_DOWNLOAD_RULES_ENABLED` | Download Semgrep remote rules                                                                                                                                                                                            | `true`                                                       |
+| `node-semgrep-job-tags` / `NODE_SEMGREP_JOB_TAGS`                       | Tags to be used for selecting runners for the job | [] |
 
 > :information_source: Semgrep may [collect some metrics](https://semgrep.dev/docs/metrics), especially when using rules from the Semgrep Registry.
 > To protect your privacy and let you run Semgrep in air-gap environments, this template disables all Semgrep metrics by default:
@@ -402,6 +407,7 @@ It is bound to the `test` stage, and uses the following variables:
 | `sbom-disabled` / `NODE_SBOM_DISABLED` | Set to `true` to disable this job                           | _none_               |
 | `sbom-version` / `NODE_SBOM_VERSION`   | The version of @cyclonedx/cyclonedx-npm used to emit SBOM   | _none_ (uses latest) |
 | `sbom-opts` / `NODE_SBOM_OPTS`         | Options for @cyclonedx/cyclonedx-npm used for SBOM analysis | `--omit dev`         |
+| `node-sbom-job-tags` / `NODE_SBOM_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
 
 ### `node-publish` job
 
@@ -417,6 +423,7 @@ It uses the following variables:
 | `publish-enabled` / `NODE_PUBLISH_ENABLED` | Set to `true` to enable the publish job                                                                                                                                                                                                      | _none_ (disabled) |
 | `publish-args` / `NODE_PUBLISH_ARGS`       | npm [publish](https://docs.npmjs.com/cli/v8/commands/npm-publish) extra arguments<br/>yarn [publish](https://classic.yarnpkg.com/lang/en/docs/cli/publish/) extra arguments <br/>pnpm [publish](https://pnpm.io/cli/publish) extra arguments | _none_            |
 | :lock: `NODE_PUBLISH_TOKEN`                | npm publication registry authentication token                                                                                                                                                                                                | _none_            |
+| `node-publish-job-tags` / `NODE_PUBLISH_JOB_TAGS` | Tags to be used for selecting runners for the job | [] |
 
 #### Configure the target registry
 
diff --git a/kicker.json b/kicker.json
index fe6d12dbc5bfbf832a72c3155a0b172ffceadb01..0304be1a9658936d2f7311dbe895fc1be2b90b84 100644
--- a/kicker.json
+++ b/kicker.json
@@ -71,8 +71,15 @@
       "name": "NODE_INSTALL_EXTRA_OPTS",
       "description": "Extra options to install project dependencies (either [`npm ci`](https://docs.npmjs.com/cli/ci.html/), [`yarn install`](https://yarnpkg.com/cli/install) or [`pnpm install`](https://pnpm.io/cli/install))",
       "advanced": true
+    },
+    {
+      "name": "NODE_BUILD_JOB_TAGS",
+      "description": "Tags to be used for selecting runners for the job",
+      "type": "array",
+      "default": [],
+      "advanced": true
     }
-  ],
+],
   "features": [
     {
       "id": "node-lint",
@@ -85,6 +92,13 @@
           "description": "npm [run script](https://docs.npmjs.com/cli/v8/commands/npm-run-script) arguments to execute the lint analysis - yarn [run script](https://classic.yarnpkg.com/en/docs/cli/run) arguments to execute the lint analysis - pnpm [run script](https://pnpm.io/cli/run) arguments to execute the lint analysis",
           "default": "run lint",
           "advanced": true
+        },
+        {
+          "name": "NODE_LINT_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
         }
       ]
     },
@@ -98,6 +112,13 @@
           "name": "NODE_AUDIT_ARGS",
           "description": "npm [audit](https://docs.npmjs.com/cli/v8/commands/npm-audit) arguments - yarn [audit](https://classic.yarnpkg.com/en/docs/cli/audit) arguments - [pnpm audit](https://pnpm.io/cli/audit) arguments",
           "default": "--audit-level=low"
+        },
+        {
+          "name": "NODE_AUDIT_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
         }
       ]
     },
@@ -111,6 +132,13 @@
           "name": "NODE_OUTDATED_ARGS",
           "description": "npm [outdated](https://docs.npmjs.com/cli/v8/commands/npm-outdated) arguments - yarn [outdated](https://classic.yarnpkg.com/lang/en/docs/cli/outdated/) arguments - pnpm [outdated](https://pnpm.io/cli/outdated) arguments",
           "default": "--long"
+        },
+        {
+          "name": "NODE_OUTDATED_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
         }
       ]
     },
@@ -145,6 +173,13 @@
           "description": "Download Semgrep remote rules",
           "type": "boolean",
           "default": "true"
+        },
+        {
+          "name": "NODE_PUBLISH_SEMGREP_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
         }
       ]
     },
@@ -164,6 +199,13 @@
           "description": "Options for @cyclonedx/cyclonedx-npm used for SBOM analysis",
           "default": "--omit dev",
           "advanced": true
+        },
+        {
+          "name": "NODE_SBOM_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
         }
       ]
     },
@@ -182,6 +224,13 @@
           "name": "NODE_PUBLISH_TOKEN",
           "description": "npm publication registry authentication token",
           "secret": true
+        },
+        {
+          "name": "NODE_PUBLISH_JOB_TAGS",
+          "description": "Tags to be used for selecting runners for the job",
+          "type": "array",
+          "default": [],
+          "advanced": true
         }
       ]
     }
diff --git a/templates/gitlab-ci-node.yml b/templates/gitlab-ci-node.yml
index a76f58a8cf614dda0c07f444fc3fc5bfe2147947..b1f29378bc0a443cd3a1f1e048fb97aaa56ec95e 100644
--- a/templates/gitlab-ci-node.yml
+++ b/templates/gitlab-ci-node.yml
@@ -120,6 +120,31 @@ spec:
     publish-args:
       description: npm [publish](https://docs.npmjs.com/cli/v8/commands/npm-publish) extra arguments - yarn [publish](https://classic.yarnpkg.com/lang/en/docs/cli/publish/) extra arguments - pnpm [publish](https://pnpm.io/cli/publish) extra arguments
       default: ''
+    node-build-job-tags:
+      description: tags to filter applicable runners for node-build job
+      type: array
+      default: []
+    node-lint-job-tags:
+      description: tags to filter applicable runners for node-lint job
+      type: array
+      default: []
+    node-audit-job-tags:
+      description: tags to filter applicable runners for node-audit job
+      type: array
+      default: []
+    node-outdated-job-tags:
+      description: tags to filter applicable runners for node-outdated job
+      type: array
+      default: []
+    node-sbom-job-tags:
+      description: tags to filter applicable runners for node-sbom job
+      type: array
+      default: []
+    node-publish-job-tags:
+      description: tags to filter applicable runners for node-publish job
+      type: array
+      default: []
+
 ---
 workflow:
   rules:
@@ -736,6 +761,7 @@ node-audit:
     - if: '$NODE_AUDIT_DISABLED == "true"'
       when: never
     - !reference [.test-policy, rules]
+  tags: $[[ inputs.node-audit-job-tags ]]
 
 # outdated
 node-outdated:
@@ -765,6 +791,7 @@ node-outdated:
     # on non-production, non-integration branches: manual & non-blocking
     - when: manual
       allow_failure: true
+  tags: $[[ inputs.node-outdated-job-tags ]]
 
 # SAST: Semgrep
 node-semgrep:
@@ -797,6 +824,7 @@ node-semgrep:
     - if: '$NODE_SEMGREP_DISABLED == "true"'
       when: never
     - !reference [.test-policy, rules]
+  tags: $[[ inputs.node-semgrep-job-tags ]]
 
 node-sbom:
   extends: .node-base
@@ -827,6 +855,7 @@ node-sbom:
     - if: '$NODE_SBOM_DISABLED == "true"'
       when: never
     - !reference [.test-policy, rules]
+  tags: $[[ inputs.node-sbom-job-tags ]]
 
 node-publish:
   extends: .node-base
@@ -841,3 +870,4 @@ node-publish:
       when: never
     # on tag with release pattern: auto
     - if: '$CI_COMMIT_TAG =~ $RELEASE_REF'
+  tags: $[[ inputs.node-publish-job-tags ]]
\ No newline at end of file